diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index ce8cff1..18ea466 100644 --- a/.gitignore +++ b/.gitignore @@ -1,182 +1,4 @@ *~ -/389-ds-base-1.2.7.2.tar.bz2 -/389-ds-base-1.2.7.3.tar.bz2 -/389-ds-base-1.2.7.4.tar.bz2 -/389-ds-base-1.2.7.5.tar.bz2 -/389-ds-base-1.2.8.a1.tar.bz2 -/389-ds-base-1.2.8.a2.tar.bz2 -/389-ds-base-1.2.8.a3.tar.bz2 -/389-ds-base-1.2.8.rc1.tar.bz2 -/389-ds-base-1.2.8.rc2.tar.bz2 -/389-ds-base-1.2.8.rc4.tar.bz2 -/389-ds-base-1.2.8.rc5.tar.bz2 -/389-ds-base-1.2.8.0.tar.bz2 -/389-ds-base-1.2.8.1.tar.bz2 -/389-ds-base-1.2.8.2.tar.bz2 -/389-ds-base-1.2.8.3.tar.bz2 -/389-ds-base-1.2.9.a1.tar.bz2 -/389-ds-base-1.2.9.a2.tar.bz2 -/389-ds-base-1.2.9.0.tar.bz2 -/389-ds-base-1.2.9.1.tar.bz2 -/389-ds-base-1.2.9.2.tar.bz2 -/389-ds-base-1.2.9.3.tar.bz2 -/389-ds-base-1.2.9.4.tar.bz2 -/389-ds-base-1.2.9.5.tar.bz2 -/389-ds-base-1.2.9.6.tar.bz2 -/389-ds-base-1.2.9.7.tar.bz2 -/389-ds-base-1.2.9.8.tar.bz2 -/389-ds-base-1.2.9.9.tar.bz2 -/389-ds-base-1.2.9.10.tar.bz2 -/389-ds-base-1.2.10.a1.tar.bz2 -/389-ds-base-1.2.10.a2.tar.bz2 -/389-ds-base-1.2.10.a3.tar.bz2 -/389-ds-base-1.2.10.a4.tar.bz2 -/389-ds-base-1.2.10.a5.tar.bz2 -/389-ds-base-1.2.10.a6.tar.bz2 -/389-ds-base-1.2.10.a7.tar.bz2 -/389-ds-base-1.2.10.a8.tar.bz2 -/389-ds-base-1.2.10.rc1.tar.bz2 -/389-ds-base-1.2.10.0.tar.bz2 -/389-ds-base-1.2.10.1.tar.bz2 -/389-ds-base-1.2.10.2.tar.bz2 -/389-ds-base-1.2.10.3.tar.bz2 -/389-ds-base-1.2.10.4.tar.bz2 -/389-ds-base-1.2.11.a1.tar.bz2 -/389-ds-base-1.2.11.1.tar.bz2 -/389-ds-base-1.2.11.2.tar.bz2 -/389-ds-base-1.2.11.3.tar.bz2 -/389-ds-base-1.2.11.4.tar.bz2 -/389-ds-base-1.2.11.5.tar.bz2 -/389-ds-base-1.2.11.6.tar.bz2 -/389-ds-base-1.2.11.7.tar.bz2 -/389-ds-base-1.2.11.8.tar.bz2 -/389-ds-base-1.2.11.9.tar.bz2 -/389-ds-base-1.2.11.10.tar.bz2 -/389-ds-base-1.2.11.11.tar.bz2 -/389-ds-base-1.2.11.12.tar.bz2 -/389-ds-base-1.2.11.13.tar.bz2 -/389-ds-base-1.2.11.14.tar.bz2 -/389-ds-base-1.2.11.15.tar.bz2 -/389-ds-base-1.3.0.a1.tar.bz2 -/389-ds-base-1.3.0.rc1.tar.bz2 -/389-ds-base-1.3.0.rc2.tar.bz2 -/389-ds-base-1.3.0.rc3.tar.bz2 -/389-ds-base-1.3.0.0.tar.bz2 -/389-ds-base-1.3.0.1.tar.bz2 -/389-ds-base-1.3.0.2.tar.bz2 -/389-ds-base-1.3.0.3.tar.bz2 -/389-ds-base-1.3.0.4.tar.bz2 -/389-ds-base-1.3.0.5.tar.bz2 -/389-ds-base-1.3.1.0.tar.bz2 -/389-ds-base-1.3.1.1.tar.bz2 -/389-ds-base-1.3.1.2.tar.bz2 -/389-ds-base-1.3.1.3.tar.bz2 -/389-ds-base-1.3.1.4.tar.bz2 -/389-ds-base-1.3.1.5.tar.bz2 -/389-ds-base-1.3.1.6.tar.bz2 -/389-ds-base-1.3.1.7.tar.bz2 -/389-ds-base-1.3.1.8.tar.bz2 -/389-ds-base-1.3.1.9.tar.bz2 -/389-ds-base-1.3.1.10.tar.bz2 -/389-ds-base-1.3.1.11.tar.bz2 -/389-ds-base-1.3.2.0.tar.bz2 -/389-ds-base-1.3.2.1.tar.bz2 -/389-ds-base-1.3.2.2.tar.bz2 -/389-ds-base-1.3.2.3.tar.bz2 -/389-ds-base-1.3.2.4.tar.bz2 -/389-ds-base-1.3.2.5.tar.bz2 -/389-ds-base-1.3.2.6.tar.bz2 -/389-ds-base-1.3.2.7.tar.bz2 -/389-ds-base-1.3.2.8.tar.bz2 -/389-ds-base-1.3.2.9.tar.bz2 -/389-ds-base-1.3.2.10.tar.bz2 -/389-ds-base-1.3.2.11.tar.bz2 -/389-ds-base-1.3.2.12.tar.bz2 -/389-ds-base-1.3.2.13.tar.bz2 -/389-ds-base-1.3.2.14.tar.bz2 -/389-ds-base-1.3.2.15.tar.bz2 -/389-ds-base-1.3.2.16.tar.bz2 -/389-ds-base-1.3.2.17.tar.bz2 -/389-ds-base-1.3.2.18.tar.bz2 -/389-ds-base-1.3.2.19.tar.bz2 -/389-ds-base-1.3.2.20.tar.bz2 -/389-ds-base-1.3.2.21.tar.bz2 -/389-ds-base-1.3.2.22.tar.bz2 -/389-ds-base-1.3.2.23.tar.bz2 -/389-ds-base-1.3.3.0.tar.bz2 -/389-ds-base-1.3.3.2.tar.bz2 -/389-ds-base-1.3.3.3.tar.bz2 -/389-ds-base-1.3.3.4.tar.bz2 -/389-ds-base-1.3.3.5.tar.bz2 -/389-ds-base-1.3.3.6.tar.bz2 -/389-ds-base-1.3.3.7.tar.bz2 -/389-ds-base-1.3.3.8.tar.bz2 -/389-ds-base-1.3.3.9.tar.bz2 -/389-ds-base-1.3.3.10.tar.bz2 -/389-ds-base-1.3.3.11.tar.bz2 -/389-ds-base-1.3.3.12.tar.bz2 -/389-ds-base-1.3.4.0.tar.bz2 -/nunc-stans-0.1.3.tar.bz2 -/nunc-stans-0.1.4.tar.bz2 -/389-ds-base-1.3.4.1.tar.bz2 -/nunc-stans-0.1.5.tar.bz2 -/389-ds-base-1.3.4.2.tar.bz2 -/389-ds-base-1.3.4.3.tar.bz2 -/389-ds-base-1.3.4.4.tar.bz2 -/389-ds-base-1.3.4.5.tar.bz2 -/389-ds-base-1.3.4.6.tar.bz2 -/389-ds-base-1.3.4.7.tar.bz2 -/389-ds-base-1.3.4.8.tar.bz2 -/389-ds-base-1.3.5.0.tar.bz2 -/nunc-stans-0.1.8.tar.bz2 -/389-ds-base-1.3.5.1.tar.bz2 -/389-ds-base-1.3.5.3.tar.bz2 -/389-ds-base-1.3.5.4.tar.bz2 -/389-ds-base-1.3.5.5.tar.bz2 -/389-ds-base-1.3.5.6.tar.bz2 -/389-ds-base-1.3.5.10.tar.bz2 -/389-ds-base-1.3.5.11.tar.bz2 -/389-ds-base-1.3.5.12.tar.bz2 -/389-ds-base-1.3.5.13.tar.bz2 -/389-ds-base-1.3.5.14.tar.bz2 -/nunc-stans-0.2.0.tar.bz2 -/389-ds-base-1.3.6.1.tar.bz2 -/389-ds-base-1.3.6.2.tar.bz2 -/389-ds-base-1.3.6.3.tar.bz2 -/389-ds-base-1.3.6.4.tar.bz2 -/389-ds-base-1.3.6.5.tar.bz2 -/389-ds-base-1.3.6.6.tar.bz2 -/389-ds-base-1.3.7.1.tar.bz2 -/389-ds-base-1.3.7.2.tar.bz2 -/389-ds-base-1.3.7.3.tar.bz2 -/389-ds-base-1.3.7.4.tar.bz2 -/389-ds-base-1.4.0.0.tar.bz2 -/389-ds-base-1.4.0.1.tar.bz2 -/389-ds-base-1.4.0.2.tar.bz2 -/389-ds-base-1.4.0.3.tar.bz2 -/389-ds-base-1.4.0.4.tar.bz2 -/389-ds-base-1.4.0.5.tar.bz2 -/389-ds-base-1.4.0.6.tar.bz2 -/389-ds-base-1.4.0.7.tar.bz2 -/389-ds-base-1.4.0.8.tar.bz2 -/389-ds-base-1.4.0.9.tar.bz2 -/389-ds-base-1.4.0.10.tar.bz2 -/jemalloc-5.0.1.tar.bz2 -/389-ds-base-1.4.0.11.tar.bz2 -/jemalloc-5.1.0.tar.bz2 -/389-ds-base-1.4.0.12.tar.bz2 -/389-ds-base-1.4.0.13.tar.bz2 -/389-ds-base-1.4.0.14.tar.bz2 -/389-ds-base-1.4.0.15.tar.bz2 -/389-ds-base-1.4.0.16.tar.bz2 -/389-ds-base-1.4.0.17.tar.bz2 -/389-ds-base-1.4.0.18.tar.bz2 -/389-ds-base-1.4.0.19.tar.bz2 -/389-ds-base-1.4.0.20.tar.bz2 -/389-ds-base-1.4.1.1.tar.bz2 -/389-ds-base-1.4.1.2.tar.bz2 -/389-ds-base-1.4.1.3.tar.bz2 -/389-ds-base-1.4.1.4.tar.bz2 -/389-ds-base-1.4.1.5.tar.bz2 -/jemalloc-5.2.0.tar.bz2 -/389-ds-base-1.4.1.6.tar.bz2 +/389-ds-base-*.tar.bz2 +/jemalloc-*.tar.bz2 +/libdb-5.3.28-59.tar.bz2 diff --git a/0001-Issue-7096-During-replication-online-total-init-the-.patch b/0001-Issue-7096-During-replication-online-total-init-the-.patch new file mode 100644 index 0000000..a5792b6 --- /dev/null +++ b/0001-Issue-7096-During-replication-online-total-init-the-.patch @@ -0,0 +1,318 @@ +From 1c9c535888b9a850095794787d67900b04924a76 Mon Sep 17 00:00:00 2001 +From: tbordaz +Date: Wed, 7 Jan 2026 11:21:12 +0100 +Subject: [PATCH] Issue 7096 - During replication online total init the + function idl_id_is_in_idlist is not scaling with large database (#7145) + +Bug description: + During a online total initialization, the supplier sorts + the candidate list of entries so that the parents are sent before + children entries. + With large DB the ID array used for the sorting is not + scaling. It takes so long to build the candidate list that + the connection gets closed + +Fix description: + Instead of using an ID array, uses a list of ID ranges + +fixes: #7096 + +Reviewed by: Mark Reynolds, Pierre Rogier (Thanks !!) +--- + ldap/servers/slapd/back-ldbm/back-ldbm.h | 12 ++ + ldap/servers/slapd/back-ldbm/idl_common.c | 163 ++++++++++++++++++ + ldap/servers/slapd/back-ldbm/idl_new.c | 30 ++-- + .../servers/slapd/back-ldbm/proto-back-ldbm.h | 3 + + 4 files changed, 189 insertions(+), 19 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/back-ldbm.h b/ldap/servers/slapd/back-ldbm/back-ldbm.h +index 1bc36720d..b187c26bc 100644 +--- a/ldap/servers/slapd/back-ldbm/back-ldbm.h ++++ b/ldap/servers/slapd/back-ldbm/back-ldbm.h +@@ -282,6 +282,18 @@ typedef struct _idlist_set + #define INDIRECT_BLOCK(idl) ((idl)->b_nids == INDBLOCK) + #define IDL_NIDS(idl) (idl ? (idl)->b_nids : (NIDS)0) + ++/* ++ * used by the supplier during online total init ++ * it stores the ranges of ID that are already present ++ * in the candidate list ('parentid>=1') ++ */ ++typedef struct IdRange { ++ ID first; ++ ID last; ++ struct IdRange *next; ++} IdRange_t; ++ ++ + typedef size_t idl_iterator; + + /* small hashtable implementation used in the entry cache -- the table +diff --git a/ldap/servers/slapd/back-ldbm/idl_common.c b/ldap/servers/slapd/back-ldbm/idl_common.c +index fcb0ece4b..fdc9b4e67 100644 +--- a/ldap/servers/slapd/back-ldbm/idl_common.c ++++ b/ldap/servers/slapd/back-ldbm/idl_common.c +@@ -172,6 +172,169 @@ idl_min(IDList *a, IDList *b) + return (a->b_nids > b->b_nids ? b : a); + } + ++/* ++ * This is a faster version of idl_id_is_in_idlist. ++ * idl_id_is_in_idlist uses an array of ID so lookup is expensive ++ * idl_id_is_in_idlist_ranges uses a list of ranges of ID lookup is faster ++ * returns ++ * 1: 'id' is present in idrange_list ++ * 0: 'id' is not present in idrange_list ++ */ ++int ++idl_id_is_in_idlist_ranges(IDList *idl, IdRange_t *idrange_list, ID id) ++{ ++ IdRange_t *range = idrange_list; ++ int found = 0; ++ ++ if (NULL == idl || NOID == id) { ++ return 0; /* not in the list */ ++ } ++ if (ALLIDS(idl)) { ++ return 1; /* in the list */ ++ } ++ ++ for(;range; range = range->next) { ++ if (id > range->last) { ++ /* check if it belongs to the next range */ ++ continue; ++ } ++ if (id >= range->first) { ++ /* It belongs to that range [first..last ] */ ++ found = 1; ++ break; ++ } else { ++ /* this range is after id */ ++ break; ++ } ++ } ++ return found; ++} ++ ++/* This function is used during the online total initialisation ++ * (see next function) ++ * It frees all ranges of ID in the list ++ */ ++void idrange_free(IdRange_t **head) ++{ ++ IdRange_t *curr, *sav; ++ ++ if ((head == NULL) || (*head == NULL)) { ++ return; ++ } ++ curr = *head; ++ sav = NULL; ++ for (; curr;) { ++ sav = curr; ++ curr = curr->next; ++ slapi_ch_free((void *) &sav); ++ } ++ if (sav) { ++ slapi_ch_free((void *) &sav); ++ } ++ *head = NULL; ++} ++ ++/* This function is used during the online total initialisation ++ * Because a MODRDN can move entries under a parent that ++ * has a higher ID we need to sort the IDList so that parents ++ * are sent, to the consumer, before the children are sent. ++ * The sorting with a simple IDlist does not scale instead ++ * a list of IDs ranges is much faster. ++ * In that list we only ADD/lookup ID. ++ */ ++IdRange_t *idrange_add_id(IdRange_t **head, ID id) ++{ ++ if (head == NULL) { ++ slapi_log_err(SLAPI_LOG_ERR, "idrange_add_id", ++ "Can not add ID %d in non defined list\n", id); ++ return NULL; ++ } ++ ++ if (*head == NULL) { ++ /* This is the first range */ ++ IdRange_t *new_range = (IdRange_t *)slapi_ch_malloc(sizeof(IdRange_t)); ++ new_range->first = id; ++ new_range->last = id; ++ new_range->next = NULL; ++ *head = new_range; ++ return *head; ++ } ++ ++ IdRange_t *curr = *head, *prev = NULL; ++ ++ /* First, find if id already falls within any existing range, or it is adjacent to any */ ++ while (curr) { ++ if (id >= curr->first && id <= curr->last) { ++ /* inside a range, nothing to do */ ++ return curr; ++ } ++ ++ if (id == curr->last + 1) { ++ /* Extend this range upwards */ ++ curr->last = id; ++ ++ /* Check for possible merge with next range */ ++ IdRange_t *next = curr->next; ++ if (next && curr->last + 1 >= next->first) { ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) merge current with next range [%d..%d]\n", id, curr->first, curr->last); ++ curr->last = (next->last > curr->last) ? next->last : curr->last; ++ curr->next = next->next; ++ slapi_ch_free((void*) &next); ++ } else { ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) extend forward current range [%d..%d]\n", id, curr->first, curr->last); ++ } ++ return curr; ++ } ++ ++ if (id + 1 == curr->first) { ++ /* Extend this range downwards */ ++ curr->first = id; ++ ++ /* Check for possible merge with previous range */ ++ if (prev && prev->last + 1 >= curr->first) { ++ prev->last = curr->last; ++ prev->next = curr->next; ++ slapi_ch_free((void *) &curr); ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) merge current with previous range [%d..%d]\n", id, prev->first, prev->last); ++ return prev; ++ } else { ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) extend backward current range [%d..%d]\n", id, curr->first, curr->last); ++ return curr; ++ } ++ } ++ ++ /* If id is before the current range, break so we can insert before */ ++ if (id < curr->first) { ++ break; ++ } ++ ++ prev = curr; ++ curr = curr->next; ++ } ++ /* Need to insert a new standalone IdRange */ ++ IdRange_t *new_range = (IdRange_t *)slapi_ch_malloc(sizeof(IdRange_t)); ++ new_range->first = id; ++ new_range->last = id; ++ new_range->next = curr; ++ ++ if (prev) { ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) add new range [%d..%d]\n", id, new_range->first, new_range->last); ++ prev->next = new_range; ++ } else { ++ /* Insert at head */ ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) head range [%d..%d]\n", id, new_range->first, new_range->last); ++ *head = new_range; ++ } ++ return *head; ++} ++ ++ + int + idl_id_is_in_idlist(IDList *idl, ID id) + { +diff --git a/ldap/servers/slapd/back-ldbm/idl_new.c b/ldap/servers/slapd/back-ldbm/idl_new.c +index 5fbcaff2e..2d978353f 100644 +--- a/ldap/servers/slapd/back-ldbm/idl_new.c ++++ b/ldap/servers/slapd/back-ldbm/idl_new.c +@@ -417,7 +417,6 @@ idl_new_range_fetch( + { + int ret = 0; + int ret2 = 0; +- int idl_rc = 0; + dbi_cursor_t cursor = {0}; + IDList *idl = NULL; + dbi_val_t cur_key = {0}; +@@ -436,6 +435,7 @@ idl_new_range_fetch( + size_t leftoverlen = 32; + size_t leftovercnt = 0; + char *index_id = get_index_name(be, db, ai); ++ IdRange_t *idrange_list = NULL; + + + if (NULL == flag_err) { +@@ -578,10 +578,12 @@ idl_new_range_fetch( + * found entry is the one from the suffix + */ + suffix = key; +- idl_rc = idl_append_extend(&idl, id); +- } else if ((key == suffix) || idl_id_is_in_idlist(idl, key)) { ++ idl_append_extend(&idl, id); ++ idrange_add_id(&idrange_list, id); ++ } else if ((key == suffix) || idl_id_is_in_idlist_ranges(idl, idrange_list, key)) { + /* the parent is the suffix or already in idl. */ +- idl_rc = idl_append_extend(&idl, id); ++ idl_append_extend(&idl, id); ++ idrange_add_id(&idrange_list, id); + } else { + /* Otherwise, keep the {key,id} in leftover array */ + if (!leftover) { +@@ -596,13 +598,7 @@ idl_new_range_fetch( + leftovercnt++; + } + } else { +- idl_rc = idl_append_extend(&idl, id); +- } +- if (idl_rc) { +- slapi_log_err(SLAPI_LOG_ERR, "idl_new_range_fetch", +- "Unable to extend id list (err=%d)\n", idl_rc); +- idl_free(&idl); +- goto error; ++ idl_append_extend(&idl, id); + } + + count++; +@@ -695,21 +691,17 @@ error: + + while(remaining > 0) { + for (size_t i = 0; i < leftovercnt; i++) { +- if (leftover[i].key > 0 && idl_id_is_in_idlist(idl, leftover[i].key) != 0) { ++ if (leftover[i].key > 0 && idl_id_is_in_idlist_ranges(idl, idrange_list, leftover[i].key) != 0) { + /* if the leftover key has its parent in the idl */ +- idl_rc = idl_append_extend(&idl, leftover[i].id); +- if (idl_rc) { +- slapi_log_err(SLAPI_LOG_ERR, "idl_new_range_fetch", +- "Unable to extend id list (err=%d)\n", idl_rc); +- idl_free(&idl); +- return NULL; +- } ++ idl_append_extend(&idl, leftover[i].id); ++ idrange_add_id(&idrange_list, leftover[i].id); + leftover[i].key = 0; + remaining--; + } + } + } + slapi_ch_free((void **)&leftover); ++ idrange_free(&idrange_list); + } + slapi_log_err(SLAPI_LOG_FILTER, "idl_new_range_fetch", + "Found %d candidates; error code is: %d\n", +diff --git a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h +index 91d61098a..30a7aa11f 100644 +--- a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h ++++ b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h +@@ -217,6 +217,9 @@ ID idl_firstid(IDList *idl); + ID idl_nextid(IDList *idl, ID id); + int idl_init_private(backend *be, struct attrinfo *a); + int idl_release_private(struct attrinfo *a); ++IdRange_t *idrange_add_id(IdRange_t **head, ID id); ++void idrange_free(IdRange_t **head); ++int idl_id_is_in_idlist_ranges(IDList *idl, IdRange_t *idrange_list, ID id); + int idl_id_is_in_idlist(IDList *idl, ID id); + + idl_iterator idl_iterator_init(const IDList *idl); +-- +2.52.0 + diff --git a/0002-Issue-Revise-paged-result-search-locking.patch b/0002-Issue-Revise-paged-result-search-locking.patch new file mode 100644 index 0000000..e27ced3 --- /dev/null +++ b/0002-Issue-Revise-paged-result-search-locking.patch @@ -0,0 +1,765 @@ +From 446bc42e7b64a8496c2c3fe486f86bba318bed5e Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Wed, 7 Jan 2026 16:55:27 -0500 +Subject: [PATCH] Issue - Revise paged result search locking + +Description: + +Move to a single lock approach verses having two locks. This will impact +concurrency when multiple async paged result searches are done on the same +connection, but it simplifies the code and avoids race conditions and +deadlocks. + +Relates: https://github.com/389ds/389-ds-base/issues/7118 + +Reviewed by: progier & tbordaz (Thanks!!) +--- + ldap/servers/slapd/abandon.c | 2 +- + ldap/servers/slapd/opshared.c | 60 ++++---- + ldap/servers/slapd/pagedresults.c | 228 +++++++++++++++++++----------- + ldap/servers/slapd/proto-slap.h | 26 ++-- + ldap/servers/slapd/slap.h | 5 +- + 5 files changed, 187 insertions(+), 134 deletions(-) + +diff --git a/ldap/servers/slapd/abandon.c b/ldap/servers/slapd/abandon.c +index 6024fcd31..1f47c531c 100644 +--- a/ldap/servers/slapd/abandon.c ++++ b/ldap/servers/slapd/abandon.c +@@ -179,7 +179,7 @@ do_abandon(Slapi_PBlock *pb) + logpb.tv_sec = -1; + logpb.tv_nsec = -1; + +- if (0 == pagedresults_free_one_msgid(pb_conn, id, pageresult_lock_get_addr(pb_conn))) { ++ if (0 == pagedresults_free_one_msgid(pb_conn, id, PR_NOT_LOCKED)) { + if (log_format != LOG_FORMAT_DEFAULT) { + /* JSON logging */ + logpb.target_op = "Simple Paged Results"; +diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c +index a5cddfd23..bf800f7dc 100644 +--- a/ldap/servers/slapd/opshared.c ++++ b/ldap/servers/slapd/opshared.c +@@ -572,8 +572,8 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + be = be_list[index]; + } + } +- pr_search_result = pagedresults_get_search_result(pb_conn, operation, 0 /*not locked*/, pr_idx); +- estimate = pagedresults_get_search_result_set_size_estimate(pb_conn, operation, pr_idx); ++ pr_search_result = pagedresults_get_search_result(pb_conn, operation, PR_NOT_LOCKED, pr_idx); ++ estimate = pagedresults_get_search_result_set_size_estimate(pb_conn, operation, PR_NOT_LOCKED, pr_idx); + /* Set operation note flags as required. */ + if (pagedresults_get_unindexed(pb_conn, operation, pr_idx)) { + slapi_pblock_set_flag_operation_notes(pb, SLAPI_OP_NOTE_UNINDEXED); +@@ -619,14 +619,7 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + int32_t tlimit; + slapi_pblock_get(pb, SLAPI_SEARCH_TIMELIMIT, &tlimit); + pagedresults_set_timelimit(pb_conn, operation, (time_t)tlimit, pr_idx); +- /* When using this mutex in conjunction with the main paged +- * result lock, you must do so in this order: +- * +- * --> pagedresults_lock() +- * --> pagedresults_mutex +- * <-- pagedresults_mutex +- * <-- pagedresults_unlock() +- */ ++ /* IMPORTANT: Never acquire pagedresults_mutex when holding c_mutex. */ + pagedresults_mutex = pageresult_lock_get_addr(pb_conn); + } + +@@ -743,17 +736,15 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + if (op_is_pagedresults(operation) && pr_search_result) { + void *sr = NULL; + /* PAGED RESULTS and already have the search results from the prev op */ +- pagedresults_lock(pb_conn, pr_idx); + /* + * In async paged result case, the search result might be released + * by other theads. We need to double check it in the locked region. + */ + pthread_mutex_lock(pagedresults_mutex); +- pr_search_result = pagedresults_get_search_result(pb_conn, operation, 1 /*locked*/, pr_idx); ++ pr_search_result = pagedresults_get_search_result(pb_conn, operation, PR_LOCKED, pr_idx); + if (pr_search_result) { +- if (pagedresults_is_abandoned_or_notavailable(pb_conn, 1 /*locked*/, pr_idx)) { ++ if (pagedresults_is_abandoned_or_notavailable(pb_conn, PR_LOCKED, pr_idx)) { + pthread_mutex_unlock(pagedresults_mutex); +- pagedresults_unlock(pb_conn, pr_idx); + /* Previous operation was abandoned and the simplepaged object is not in use. */ + send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL); + rc = LDAP_SUCCESS; +@@ -764,14 +755,13 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + + /* search result could be reset in the backend/dse */ + slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr); +- pagedresults_set_search_result(pb_conn, operation, sr, 1 /*locked*/, pr_idx); ++ pagedresults_set_search_result(pb_conn, operation, sr, PR_LOCKED, pr_idx); + } + } else { + pr_stat = PAGEDRESULTS_SEARCH_END; + rc = LDAP_SUCCESS; + } + pthread_mutex_unlock(pagedresults_mutex); +- pagedresults_unlock(pb_conn, pr_idx); + + if ((PAGEDRESULTS_SEARCH_END == pr_stat) || (0 == pnentries)) { + /* no more entries to send in the backend */ +@@ -789,22 +779,22 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + } + pagedresults_set_response_control(pb, 0, estimate, + curr_search_count, pr_idx); +- if (pagedresults_get_with_sort(pb_conn, operation, pr_idx)) { ++ if (pagedresults_get_with_sort(pb_conn, operation, PR_NOT_LOCKED, pr_idx)) { + sort_make_sort_response_control(pb, CONN_GET_SORT_RESULT_CODE, NULL); + } + pagedresults_set_search_result_set_size_estimate(pb_conn, + operation, +- estimate, pr_idx); ++ estimate, PR_NOT_LOCKED, pr_idx); + if (PAGEDRESULTS_SEARCH_END == pr_stat) { +- pagedresults_lock(pb_conn, pr_idx); ++ pthread_mutex_lock(pagedresults_mutex); + slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL); +- if (!pagedresults_is_abandoned_or_notavailable(pb_conn, 0 /*not locked*/, pr_idx)) { +- pagedresults_free_one(pb_conn, operation, pr_idx); ++ if (!pagedresults_is_abandoned_or_notavailable(pb_conn, PR_LOCKED, pr_idx)) { ++ pagedresults_free_one(pb_conn, operation, PR_LOCKED, pr_idx); + } +- pagedresults_unlock(pb_conn, pr_idx); ++ pthread_mutex_unlock(pagedresults_mutex); + if (next_be) { + /* no more entries, but at least another backend */ +- if (pagedresults_set_current_be(pb_conn, next_be, pr_idx, 0) < 0) { ++ if (pagedresults_set_current_be(pb_conn, next_be, pr_idx, PR_NOT_LOCKED) < 0) { + goto free_and_return; + } + } +@@ -915,7 +905,7 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + } + } + pagedresults_set_search_result(pb_conn, operation, NULL, 1, pr_idx); +- rc = pagedresults_set_current_be(pb_conn, NULL, pr_idx, 1); ++ rc = pagedresults_set_current_be(pb_conn, NULL, pr_idx, PR_LOCKED); + pthread_mutex_unlock(pagedresults_mutex); + #pragma GCC diagnostic pop + } +@@ -954,7 +944,7 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + pthread_mutex_lock(pagedresults_mutex); + pagedresults_set_search_result(pb_conn, operation, NULL, 1, pr_idx); + be->be_search_results_release(&sr); +- rc = pagedresults_set_current_be(pb_conn, next_be, pr_idx, 1); ++ rc = pagedresults_set_current_be(pb_conn, next_be, pr_idx, PR_LOCKED); + pthread_mutex_unlock(pagedresults_mutex); + pr_stat = PAGEDRESULTS_SEARCH_END; /* make sure stat is SEARCH_END */ + if (NULL == next_be) { +@@ -967,23 +957,23 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + } else { + curr_search_count = pnentries; + slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET_SIZE_ESTIMATE, &estimate); +- pagedresults_lock(pb_conn, pr_idx); +- if ((pagedresults_set_current_be(pb_conn, be, pr_idx, 0) < 0) || +- (pagedresults_set_search_result(pb_conn, operation, sr, 0, pr_idx) < 0) || +- (pagedresults_set_search_result_count(pb_conn, operation, curr_search_count, pr_idx) < 0) || +- (pagedresults_set_search_result_set_size_estimate(pb_conn, operation, estimate, pr_idx) < 0) || +- (pagedresults_set_with_sort(pb_conn, operation, with_sort, pr_idx) < 0)) { +- pagedresults_unlock(pb_conn, pr_idx); ++ pthread_mutex_lock(pagedresults_mutex); ++ if ((pagedresults_set_current_be(pb_conn, be, pr_idx, PR_LOCKED) < 0) || ++ (pagedresults_set_search_result(pb_conn, operation, sr, PR_LOCKED, pr_idx) < 0) || ++ (pagedresults_set_search_result_count(pb_conn, operation, curr_search_count, PR_LOCKED, pr_idx) < 0) || ++ (pagedresults_set_search_result_set_size_estimate(pb_conn, operation, estimate, PR_LOCKED, pr_idx) < 0) || ++ (pagedresults_set_with_sort(pb_conn, operation, with_sort, PR_LOCKED, pr_idx) < 0)) { ++ pthread_mutex_unlock(pagedresults_mutex); + cache_return_target_entry(pb, be, operation); + goto free_and_return; + } +- pagedresults_unlock(pb_conn, pr_idx); ++ pthread_mutex_unlock(pagedresults_mutex); + } + slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL); + next_be = NULL; /* to break the loop */ + if (operation->o_status & SLAPI_OP_STATUS_ABANDONED) { + /* It turned out this search was abandoned. */ +- pagedresults_free_one_msgid(pb_conn, operation->o_msgid, pagedresults_mutex); ++ pagedresults_free_one_msgid(pb_conn, operation->o_msgid, PR_NOT_LOCKED); + /* paged-results-request was abandoned; making an empty cookie. */ + pagedresults_set_response_control(pb, 0, estimate, -1, pr_idx); + send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL); +@@ -993,7 +983,7 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + } + pagedresults_set_response_control(pb, 0, estimate, curr_search_count, pr_idx); + if (curr_search_count == -1) { +- pagedresults_free_one(pb_conn, operation, pr_idx); ++ pagedresults_free_one(pb_conn, operation, PR_NOT_LOCKED, pr_idx); + } + } + +diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c +index 941ab97e3..0d6c4a1aa 100644 +--- a/ldap/servers/slapd/pagedresults.c ++++ b/ldap/servers/slapd/pagedresults.c +@@ -34,9 +34,9 @@ pageresult_lock_cleanup() + slapi_ch_free((void**)&lock_hash); + } + +-/* Beware to the lock order with c_mutex: +- * c_mutex is sometime locked while holding pageresult_lock +- * ==> Do not lock pageresult_lock when holing c_mutex ++/* Lock ordering constraint with c_mutex: ++ * c_mutex is sometimes locked while holding pageresult_lock. ++ * Therefore: DO NOT acquire pageresult_lock when holding c_mutex. + */ + pthread_mutex_t * + pageresult_lock_get_addr(Connection *conn) +@@ -44,7 +44,11 @@ pageresult_lock_get_addr(Connection *conn) + return &lock_hash[(((size_t)conn)/sizeof (Connection))%LOCK_HASH_SIZE]; + } + +-/* helper function to clean up one prp slot */ ++/* helper function to clean up one prp slot ++ * ++ * NOTE: This function must be called while holding the pageresult_lock ++ * (via pageresult_lock_get_addr(conn)) to ensure thread-safe cleanup. ++ */ + static void + _pr_cleanup_one_slot(PagedResults *prp) + { +@@ -56,7 +60,7 @@ _pr_cleanup_one_slot(PagedResults *prp) + prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set)); + } + +- /* clean up the slot except the mutex */ ++ /* clean up the slot */ + prp->pr_current_be = NULL; + prp->pr_search_result_set = NULL; + prp->pr_search_result_count = 0; +@@ -136,6 +140,8 @@ pagedresults_parse_control_value(Slapi_PBlock *pb, + return LDAP_UNWILLING_TO_PERFORM; + } + ++ /* Acquire hash-based lock for paged results list access ++ * IMPORTANT: Never acquire this lock when holding c_mutex */ + pthread_mutex_lock(pageresult_lock_get_addr(conn)); + /* the ber encoding is no longer needed */ + ber_free(ber, 1); +@@ -184,10 +190,6 @@ pagedresults_parse_control_value(Slapi_PBlock *pb, + goto bail; + } + +- if ((*index > -1) && (*index < conn->c_pagedresults.prl_maxlen) && +- !conn->c_pagedresults.prl_list[*index].pr_mutex) { +- conn->c_pagedresults.prl_list[*index].pr_mutex = PR_NewLock(); +- } + conn->c_pagedresults.prl_count++; + } else { + /* Repeated paged results request. +@@ -327,8 +329,14 @@ bailout: + "<= idx=%d\n", index); + } + ++/* ++ * Free one paged result entry by index. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_free_one(Connection *conn, Operation *op, int index) ++pagedresults_free_one(Connection *conn, Operation *op, bool locked, int index) + { + int rc = -1; + +@@ -338,7 +346,9 @@ pagedresults_free_one(Connection *conn, Operation *op, int index) + slapi_log_err(SLAPI_LOG_TRACE, "pagedresults_free_one", + "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (conn->c_pagedresults.prl_count <= 0) { + slapi_log_err(SLAPI_LOG_TRACE, "pagedresults_free_one", + "conn=%" PRIu64 " paged requests list count is %d\n", +@@ -349,7 +359,9 @@ pagedresults_free_one(Connection *conn, Operation *op, int index) + conn->c_pagedresults.prl_count--; + rc = 0; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + } + + slapi_log_err(SLAPI_LOG_TRACE, "pagedresults_free_one", "<= %d\n", rc); +@@ -357,21 +369,28 @@ pagedresults_free_one(Connection *conn, Operation *op, int index) + } + + /* +- * Used for abandoning - pageresult_lock_get_addr(conn) is already locked in do_abandone. ++ * Free one paged result entry by message ID. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. + */ + int +-pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, pthread_mutex_t *mutex) ++pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, bool locked) + { + int rc = -1; + int i; ++ pthread_mutex_t *lock = NULL; + + if (conn && (msgid > -1)) { + if (conn->c_pagedresults.prl_maxlen <= 0) { + ; /* Not a paged result. */ + } else { + slapi_log_err(SLAPI_LOG_TRACE, +- "pagedresults_free_one_msgid_nolock", "=> msgid=%d\n", msgid); +- pthread_mutex_lock(mutex); ++ "pagedresults_free_one_msgid", "=> msgid=%d\n", msgid); ++ lock = pageresult_lock_get_addr(conn); ++ if (!locked) { ++ pthread_mutex_lock(lock); ++ } + for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) { + if (conn->c_pagedresults.prl_list[i].pr_msgid == msgid) { + PagedResults *prp = conn->c_pagedresults.prl_list + i; +@@ -390,9 +409,11 @@ pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, pthread_mutex_t * + break; + } + } +- pthread_mutex_unlock(mutex); ++ if (!locked) { ++ pthread_mutex_unlock(lock); ++ } + slapi_log_err(SLAPI_LOG_TRACE, +- "pagedresults_free_one_msgid_nolock", "<= %d\n", rc); ++ "pagedresults_free_one_msgid", "<= %d\n", rc); + } + } + +@@ -418,29 +439,43 @@ pagedresults_get_current_be(Connection *conn, int index) + return be; + } + ++/* ++ * Set current backend for a paged result entry. ++ * ++ * Locking: If locked=false, acquires pageresult_lock. If locked=true, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int nolock) ++pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, bool locked) + { + int rc = -1; + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_set_current_be", "=> idx=%d\n", index); + if (conn && (index > -1)) { +- if (!nolock) ++ if (!locked) { + pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + conn->c_pagedresults.prl_list[index].pr_current_be = be; + } + rc = 0; +- if (!nolock) ++ if (!locked) { + pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + } + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_set_current_be", "<= %d\n", rc); + return rc; + } + ++/* ++ * Get search result set for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + void * +-pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int index) ++pagedresults_get_search_result(Connection *conn, Operation *op, bool locked, int index) + { + void *sr = NULL; + if (!op_is_pagedresults(op)) { +@@ -465,8 +500,14 @@ pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int + return sr; + } + ++/* ++ * Set search result set for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int locked, int index) ++pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, bool locked, int index) + { + int rc = -1; + if (!op_is_pagedresults(op)) { +@@ -494,8 +535,14 @@ pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int lo + return rc; + } + ++/* ++ * Get search result count for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_get_search_result_count(Connection *conn, Operation *op, int index) ++pagedresults_get_search_result_count(Connection *conn, Operation *op, bool locked, int index) + { + int count = 0; + if (!op_is_pagedresults(op)) { +@@ -504,19 +551,29 @@ pagedresults_get_search_result_count(Connection *conn, Operation *op, int index) + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_get_search_result_count", "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + count = conn->c_pagedresults.prl_list[index].pr_search_result_count; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + } + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_get_search_result_count", "<= %d\n", count); + return count; + } + ++/* ++ * Set search result count for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_set_search_result_count(Connection *conn, Operation *op, int count, int index) ++pagedresults_set_search_result_count(Connection *conn, Operation *op, int count, bool locked, int index) + { + int rc = -1; + if (!op_is_pagedresults(op)) { +@@ -525,11 +582,15 @@ pagedresults_set_search_result_count(Connection *conn, Operation *op, int count, + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_set_search_result_count", "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + conn->c_pagedresults.prl_list[index].pr_search_result_count = count; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + rc = 0; + } + slapi_log_err(SLAPI_LOG_TRACE, +@@ -537,9 +598,16 @@ pagedresults_set_search_result_count(Connection *conn, Operation *op, int count, + return rc; + } + ++/* ++ * Get search result set size estimate for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int + pagedresults_get_search_result_set_size_estimate(Connection *conn, + Operation *op, ++ bool locked, + int index) + { + int count = 0; +@@ -550,11 +618,15 @@ pagedresults_get_search_result_set_size_estimate(Connection *conn, + "pagedresults_get_search_result_set_size_estimate", + "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + count = conn->c_pagedresults.prl_list[index].pr_search_result_set_size_estimate; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + } + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_get_search_result_set_size_estimate", "<= %d\n", +@@ -562,10 +634,17 @@ pagedresults_get_search_result_set_size_estimate(Connection *conn, + return count; + } + ++/* ++ * Set search result set size estimate for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int + pagedresults_set_search_result_set_size_estimate(Connection *conn, + Operation *op, + int count, ++ bool locked, + int index) + { + int rc = -1; +@@ -576,11 +655,15 @@ pagedresults_set_search_result_set_size_estimate(Connection *conn, + "pagedresults_set_search_result_set_size_estimate", + "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + conn->c_pagedresults.prl_list[index].pr_search_result_set_size_estimate = count; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + rc = 0; + } + slapi_log_err(SLAPI_LOG_TRACE, +@@ -589,8 +672,14 @@ pagedresults_set_search_result_set_size_estimate(Connection *conn, + return rc; + } + ++/* ++ * Get with_sort flag for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_get_with_sort(Connection *conn, Operation *op, int index) ++pagedresults_get_with_sort(Connection *conn, Operation *op, bool locked, int index) + { + int flags = 0; + if (!op_is_pagedresults(op)) { +@@ -599,19 +688,29 @@ pagedresults_get_with_sort(Connection *conn, Operation *op, int index) + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_get_with_sort", "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + flags = conn->c_pagedresults.prl_list[index].pr_flags & CONN_FLAG_PAGEDRESULTS_WITH_SORT; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + } + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_get_with_sort", "<= %d\n", flags); + return flags; + } + ++/* ++ * Set with_sort flag for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_set_with_sort(Connection *conn, Operation *op, int flags, int index) ++pagedresults_set_with_sort(Connection *conn, Operation *op, int flags, bool locked, int index) + { + int rc = -1; + if (!op_is_pagedresults(op)) { +@@ -620,14 +719,18 @@ pagedresults_set_with_sort(Connection *conn, Operation *op, int flags, int index + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_set_with_sort", "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + if (flags & OP_FLAG_SERVER_SIDE_SORTING) { + conn->c_pagedresults.prl_list[index].pr_flags |= + CONN_FLAG_PAGEDRESULTS_WITH_SORT; + } + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + rc = 0; + } + slapi_log_err(SLAPI_LOG_TRACE, "pagedresults_set_with_sort", "<= %d\n", rc); +@@ -802,10 +905,6 @@ pagedresults_cleanup(Connection *conn, int needlock) + rc = 1; + } + prp->pr_current_be = NULL; +- if (prp->pr_mutex) { +- PR_DestroyLock(prp->pr_mutex); +- prp->pr_mutex = NULL; +- } + memset(prp, '\0', sizeof(PagedResults)); + } + conn->c_pagedresults.prl_count = 0; +@@ -840,10 +939,6 @@ pagedresults_cleanup_all(Connection *conn, int needlock) + i < conn->c_pagedresults.prl_maxlen; + i++) { + prp = conn->c_pagedresults.prl_list + i; +- if (prp->pr_mutex) { +- PR_DestroyLock(prp->pr_mutex); +- prp->pr_mutex = NULL; +- } + if (prp->pr_current_be && prp->pr_search_result_set && + prp->pr_current_be->be_search_results_release) { + prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set)); +@@ -1010,43 +1105,8 @@ op_set_pagedresults(Operation *op) + op->o_flags |= OP_FLAG_PAGED_RESULTS; + } + +-/* +- * pagedresults_lock/unlock -- introduced to protect search results for the +- * asynchronous searches. Do not call these functions while the PR conn lock +- * is held (e.g. pageresult_lock_get_addr(conn)) +- */ +-void +-pagedresults_lock(Connection *conn, int index) +-{ +- PagedResults *prp; +- if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) { +- return; +- } +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); +- prp = conn->c_pagedresults.prl_list + index; +- if (prp->pr_mutex) { +- PR_Lock(prp->pr_mutex); +- } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); +-} +- +-void +-pagedresults_unlock(Connection *conn, int index) +-{ +- PagedResults *prp; +- if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) { +- return; +- } +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); +- prp = conn->c_pagedresults.prl_list + index; +- if (prp->pr_mutex) { +- PR_Unlock(prp->pr_mutex); +- } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); +-} +- + int +-pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int index) ++pagedresults_is_abandoned_or_notavailable(Connection *conn, bool locked, int index) + { + PagedResults *prp; + int32_t result; +@@ -1066,7 +1126,7 @@ pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int inde + } + + int +-pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked) ++pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, bool locked) + { + int rc = -1; + Connection *conn = NULL; +diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h +index 765c12bf5..455d6d718 100644 +--- a/ldap/servers/slapd/proto-slap.h ++++ b/ldap/servers/slapd/proto-slap.h +@@ -1614,20 +1614,22 @@ pthread_mutex_t *pageresult_lock_get_addr(Connection *conn); + int pagedresults_parse_control_value(Slapi_PBlock *pb, struct berval *psbvp, ber_int_t *pagesize, int *index, Slapi_Backend *be); + void pagedresults_set_response_control(Slapi_PBlock *pb, int iscritical, ber_int_t estimate, int curr_search_count, int index); + Slapi_Backend *pagedresults_get_current_be(Connection *conn, int index); +-int pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int nolock); +-void *pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int index); +-int pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int locked, int index); +-int pagedresults_get_search_result_count(Connection *conn, Operation *op, int index); +-int pagedresults_set_search_result_count(Connection *conn, Operation *op, int cnt, int index); ++int pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, bool locked); ++void *pagedresults_get_search_result(Connection *conn, Operation *op, bool locked, int index); ++int pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, bool locked, int index); ++int pagedresults_get_search_result_count(Connection *conn, Operation *op, bool locked, int index); ++int pagedresults_set_search_result_count(Connection *conn, Operation *op, int cnt, bool locked, int index); + int pagedresults_get_search_result_set_size_estimate(Connection *conn, + Operation *op, ++ bool locked, + int index); + int pagedresults_set_search_result_set_size_estimate(Connection *conn, + Operation *op, + int cnt, ++ bool locked, + int index); +-int pagedresults_get_with_sort(Connection *conn, Operation *op, int index); +-int pagedresults_set_with_sort(Connection *conn, Operation *op, int flags, int index); ++int pagedresults_get_with_sort(Connection *conn, Operation *op, bool locked, int index); ++int pagedresults_set_with_sort(Connection *conn, Operation *op, int flags, bool locked, int index); + int pagedresults_get_unindexed(Connection *conn, Operation *op, int index); + int pagedresults_set_unindexed(Connection *conn, Operation *op, int index); + int pagedresults_get_sort_result_code(Connection *conn, Operation *op, int index); +@@ -1639,15 +1641,13 @@ int pagedresults_cleanup(Connection *conn, int needlock); + int pagedresults_is_timedout_nolock(Connection *conn); + int pagedresults_reset_timedout_nolock(Connection *conn); + int pagedresults_in_use_nolock(Connection *conn); +-int pagedresults_free_one(Connection *conn, Operation *op, int index); +-int pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, pthread_mutex_t *mutex); ++int pagedresults_free_one(Connection *conn, Operation *op, bool locked, int index); ++int pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, bool locked); + int op_is_pagedresults(Operation *op); + int pagedresults_cleanup_all(Connection *conn, int needlock); + void op_set_pagedresults(Operation *op); +-void pagedresults_lock(Connection *conn, int index); +-void pagedresults_unlock(Connection *conn, int index); +-int pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int index); +-int pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked); ++int pagedresults_is_abandoned_or_notavailable(Connection *conn, bool locked, int index); ++int pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, bool locked); + + /* + * sort.c +diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h +index 11c5602e3..d494931c2 100644 +--- a/ldap/servers/slapd/slap.h ++++ b/ldap/servers/slapd/slap.h +@@ -89,6 +89,10 @@ static char ptokPBE[34] = "Internal (Software) Token "; + #include + #include /* For timespec definitions */ + ++/* Macros for paged results lock parameter */ ++#define PR_LOCKED true ++#define PR_NOT_LOCKED false ++ + /* Provides our int types and platform specific requirements. */ + #include + +@@ -1669,7 +1673,6 @@ typedef struct _paged_results + struct timespec pr_timelimit_hr; /* expiry time of this request rel to clock monotonic */ + int pr_flags; + ber_int_t pr_msgid; /* msgid of the request; to abandon */ +- PRLock *pr_mutex; /* protect each conn structure */ + } PagedResults; + + /* array of simple paged structure stashed in connection */ +-- +2.52.0 + diff --git a/0003-Issue-7108-Fix-shutdown-crash-in-entry-cache-destruc.patch b/0003-Issue-7108-Fix-shutdown-crash-in-entry-cache-destruc.patch new file mode 100644 index 0000000..bb2127c --- /dev/null +++ b/0003-Issue-7108-Fix-shutdown-crash-in-entry-cache-destruc.patch @@ -0,0 +1,183 @@ +From 4936f953fa3b0726c2b178f135cd78dcac7463ba Mon Sep 17 00:00:00 2001 +From: Simon Pichugin +Date: Thu, 8 Jan 2026 10:02:39 -0800 +Subject: [PATCH] Issue 7108 - Fix shutdown crash in entry cache destruction + (#7163) + +Description: The entry cache could experience LRU list corruption when +using pinned entries, leading to crashes during cache flush operations. + +In entrycache_add_int(), when returning an existing cached entry, the +code checked the wrong entry's state before calling lru_delete(). It +checked the new entry 'e' but operated on the existing entry 'my_alt', +causing lru_delete() to be called on entries not in the LRU list. This +is fixed by checking my_alt's refcnt and pinned state instead. + +In flush_hash(), pinned_remove() and lru_delete() were both called on +pinned entries. Since pinned entries are in the pinned list, calling +lru_delete() afterwards corrupted the list. This is fixed by calling +either pinned_remove() or lru_delete() based on the entry's state. + +A NULL check is added in entrycache_flush() and dncache_flush() to +gracefully handle corrupted LRU lists and prevent crashes when +traversing backwards through the list encounters an unexpected NULL. + +Entry pointers are now always cleared after lru_delete() removal to +prevent stale pointer issues in non-debug builds. + +Fixes: https://github.com/389ds/389-ds-base/issues/7108 + +Reviewed by: @progier389, @vashirov (Thanks!!) +--- + ldap/servers/slapd/back-ldbm/cache.c | 48 +++++++++++++++++++++++++--- + 1 file changed, 43 insertions(+), 5 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/cache.c b/ldap/servers/slapd/back-ldbm/cache.c +index 2e4126134..a87f30687 100644 +--- a/ldap/servers/slapd/back-ldbm/cache.c ++++ b/ldap/servers/slapd/back-ldbm/cache.c +@@ -458,11 +458,13 @@ static void + lru_delete(struct cache *cache, void *ptr) + { + struct backcommon *e; ++ + if (NULL == ptr) { + LOG("=> lru_delete\n<= lru_delete (null entry)\n"); + return; + } + e = (struct backcommon *)ptr; ++ + #ifdef LDAP_CACHE_DEBUG_LRU + pinned_verify(cache, __LINE__); + lru_verify(cache, e, 1); +@@ -475,8 +477,9 @@ lru_delete(struct cache *cache, void *ptr) + e->ep_lrunext->ep_lruprev = e->ep_lruprev; + else + cache->c_lrutail = e->ep_lruprev; +-#ifdef LDAP_CACHE_DEBUG_LRU ++ /* Always clear pointers after removal to prevent stale pointer issues */ + e->ep_lrunext = e->ep_lruprev = NULL; ++#ifdef LDAP_CACHE_DEBUG_LRU + lru_verify(cache, e, 0); + #endif + } +@@ -633,9 +636,14 @@ flush_hash(struct cache *cache, struct timespec *start_time, int32_t type) + if (entry->ep_refcnt == 0) { + entry->ep_refcnt++; + if (entry->ep_state & ENTRY_STATE_PINNED) { ++ /* Entry is in pinned list, not LRU - remove from pinned only. ++ * pinned_remove clears lru pointers and won't add to LRU since refcnt > 0. ++ */ + pinned_remove(cache, laste); ++ } else { ++ /* Entry is in LRU list - remove from LRU */ ++ lru_delete(cache, laste); + } +- lru_delete(cache, laste); + if (type == ENTRY_CACHE) { + entrycache_remove_int(cache, laste); + entrycache_return(cache, (struct backentry **)&laste, PR_TRUE); +@@ -679,9 +687,14 @@ flush_hash(struct cache *cache, struct timespec *start_time, int32_t type) + if (entry->ep_refcnt == 0) { + entry->ep_refcnt++; + if (entry->ep_state & ENTRY_STATE_PINNED) { ++ /* Entry is in pinned list, not LRU - remove from pinned only. ++ * pinned_remove clears lru pointers and won't add to LRU since refcnt > 0. ++ */ + pinned_remove(cache, laste); ++ } else { ++ /* Entry is in LRU list - remove from LRU */ ++ lru_delete(cache, laste); + } +- lru_delete(cache, laste); + entrycache_remove_int(cache, laste); + entrycache_return(cache, (struct backentry **)&laste, PR_TRUE); + } else { +@@ -772,6 +785,11 @@ entrycache_flush(struct cache *cache) + } else { + e = BACK_LRU_PREV(e, struct backentry *); + } ++ if (e == NULL) { ++ slapi_log_err(SLAPI_LOG_WARNING, "entrycache_flush", ++ "Unexpected NULL entry while flushing cache - LRU list may be corrupted\n"); ++ break; ++ } + ASSERT(e->ep_refcnt == 0); + e->ep_refcnt++; + if (entrycache_remove_int(cache, e) < 0) { +@@ -1160,6 +1178,7 @@ pinned_remove(struct cache *cache, void *ptr) + { + struct backentry *e = (struct backentry *)ptr; + ASSERT(e->ep_state & ENTRY_STATE_PINNED); ++ + cache->c_pinned_ctx->npinned--; + cache->c_pinned_ctx->size -= e->ep_size; + e->ep_state &= ~ENTRY_STATE_PINNED; +@@ -1172,13 +1191,23 @@ pinned_remove(struct cache *cache, void *ptr) + cache->c_pinned_ctx->head = cache->c_pinned_ctx->tail = NULL; + } else { + cache->c_pinned_ctx->head = BACK_LRU_NEXT(e, struct backentry *); ++ /* Update new head's prev pointer to NULL */ ++ if (cache->c_pinned_ctx->head) { ++ cache->c_pinned_ctx->head->ep_lruprev = NULL; ++ } + } + } else if (cache->c_pinned_ctx->tail == e) { + cache->c_pinned_ctx->tail = BACK_LRU_PREV(e, struct backentry *); ++ /* Update new tail's next pointer to NULL */ ++ if (cache->c_pinned_ctx->tail) { ++ cache->c_pinned_ctx->tail->ep_lrunext = NULL; ++ } + } else { ++ /* Middle of list: update both neighbors to point to each other */ + BACK_LRU_PREV(e, struct backentry *)->ep_lrunext = BACK_LRU_NEXT(e, struct backcommon *); + BACK_LRU_NEXT(e, struct backentry *)->ep_lruprev = BACK_LRU_PREV(e, struct backcommon *); + } ++ /* Clear the removed entry's pointers */ + e->ep_lrunext = e->ep_lruprev = NULL; + if (e->ep_refcnt == 0) { + lru_add(cache, ptr); +@@ -1245,6 +1274,7 @@ pinned_add(struct cache *cache, void *ptr) + return false; + } + /* Now it is time to insert the entry in the pinned list */ ++ + cache->c_pinned_ctx->npinned++; + cache->c_pinned_ctx->size += e->ep_size; + e->ep_state |= ENTRY_STATE_PINNED; +@@ -1754,7 +1784,7 @@ entrycache_add_int(struct cache *cache, struct backentry *e, int state, struct b + * 3) ep_state: 0 && state: 0 + * ==> increase the refcnt + */ +- if (e->ep_refcnt == 0) ++ if (e->ep_refcnt == 0 && (e->ep_state & ENTRY_STATE_PINNED) == 0) + lru_delete(cache, (void *)e); + e->ep_refcnt++; + e->ep_state &= ~ENTRY_STATE_UNAVAILABLE; +@@ -1781,7 +1811,7 @@ entrycache_add_int(struct cache *cache, struct backentry *e, int state, struct b + } else { + if (alt) { + *alt = my_alt; +- if (e->ep_refcnt == 0 && (e->ep_state & ENTRY_STATE_PINNED) == 0) ++ if (my_alt->ep_refcnt == 0 && (my_alt->ep_state & ENTRY_STATE_PINNED) == 0) + lru_delete(cache, (void *)*alt); + (*alt)->ep_refcnt++; + LOG("the entry %s already exists. returning existing entry %s (state: 0x%x)\n", +@@ -2379,6 +2409,14 @@ dncache_flush(struct cache *cache) + } else { + dn = BACK_LRU_PREV(dn, struct backdn *); + } ++ if (dn == NULL) { ++ /* Safety check: we should normally exit via the CACHE_LRU_HEAD check. ++ * If we get here, c_lruhead may be NULL or the LRU list is corrupted. ++ */ ++ slapi_log_err(SLAPI_LOG_WARNING, "dncache_flush", ++ "Unexpected NULL entry while flushing cache - LRU list may be corrupted\n"); ++ break; ++ } + ASSERT(dn->ep_refcnt == 0); + dn->ep_refcnt++; + if (dncache_remove_int(cache, dn) < 0) { +-- +2.52.0 + diff --git a/0004-Issue-7172-Index-ordering-mismatch-after-upgrade-717.patch b/0004-Issue-7172-Index-ordering-mismatch-after-upgrade-717.patch new file mode 100644 index 0000000..2ea800b --- /dev/null +++ b/0004-Issue-7172-Index-ordering-mismatch-after-upgrade-717.patch @@ -0,0 +1,215 @@ +From 742c12e0247ab64e87da000a4de2f3e5c99044ab Mon Sep 17 00:00:00 2001 +From: Viktor Ashirov +Date: Fri, 9 Jan 2026 11:39:50 +0100 +Subject: [PATCH] Issue 7172 - Index ordering mismatch after upgrade (#7173) + +Bug Description: +Commit daf731f55071d45eaf403a52b63d35f4e699ff28 introduced a regression. +After upgrading to a version that adds `integerOrderingMatch` matching +rule to `parentid` and `ancestorid` indexes, searches may return empty +or incorrect results. + +This happens because the existing index data was created with +lexicographic ordering, but the new compare function expects integer +ordering. Index lookups fail because the compare function doesn't match +the data ordering. +The root cause is that `ldbm_instance_create_default_indexes()` calls +`attr_index_config()` unconditionally for `parentid` and `ancestorid` +indexes, which triggers `ainfo_dup()` to overwrite `ai_key_cmp_fn` on +existing indexes. This breaks indexes that were created without the +`integerOrderingMatch` matching rule. + +Fix Description: +* Call `attr_index_config()` for `parentid` and `ancestorid` indexes +only if index config doesn't exist. + +* Add `upgrade_check_id_index_matching_rule()` that logs an error on +server startup if `parentid` or `ancestorid` indexes are missing the +integerOrderingMatch matching rule, advising administrators to reindex. + +Fixes: https://github.com/389ds/389-ds-base/issues/7172 + +Reviewed by: @tbordaz, @progier389, @droideck (Thanks!) +--- + ldap/servers/slapd/back-ldbm/instance.c | 25 ++++-- + ldap/servers/slapd/upgrade.c | 107 +++++++++++++++++++++++- + 2 files changed, 123 insertions(+), 9 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/instance.c b/ldap/servers/slapd/back-ldbm/instance.c +index cb002c379..71bf0f6fa 100644 +--- a/ldap/servers/slapd/back-ldbm/instance.c ++++ b/ldap/servers/slapd/back-ldbm/instance.c +@@ -190,6 +190,7 @@ ldbm_instance_create_default_indexes(backend *be) + char *ancestorid_indexes_limit = NULL; + char *parentid_indexes_limit = NULL; + struct attrinfo *ai = NULL; ++ struct attrinfo *index_already_configured = NULL; + struct index_idlistsizeinfo *iter; + int cookie; + int limit; +@@ -248,10 +249,14 @@ ldbm_instance_create_default_indexes(backend *be) + ldbm_instance_config_add_index_entry(inst, e, flags); + slapi_entry_free(e); + +- e = ldbm_instance_init_config_entry(LDBM_PARENTID_STR, "eq", 0, 0, 0, "integerOrderingMatch", parentid_indexes_limit); +- ldbm_instance_config_add_index_entry(inst, e, flags); +- attr_index_config(be, "ldbm index init", 0, e, 1, 0, NULL); +- slapi_entry_free(e); ++ ainfo_get(be, (char *)LDBM_PARENTID_STR, &ai); ++ index_already_configured = ai; ++ if (!index_already_configured) { ++ e = ldbm_instance_init_config_entry(LDBM_PARENTID_STR, "eq", 0, 0, 0, "integerOrderingMatch", parentid_indexes_limit); ++ ldbm_instance_config_add_index_entry(inst, e, flags); ++ attr_index_config(be, "ldbm index init", 0, e, 1, 0, NULL); ++ slapi_entry_free(e); ++ } + + e = ldbm_instance_init_config_entry("objectclass", "eq", 0, 0, 0, 0, 0); + ldbm_instance_config_add_index_entry(inst, e, flags); +@@ -288,10 +293,14 @@ ldbm_instance_create_default_indexes(backend *be) + * ancestorid is special, there is actually no such attr type + * but we still want to use the attr index file APIs. + */ +- e = ldbm_instance_init_config_entry(LDBM_ANCESTORID_STR, "eq", 0, 0, 0, "integerOrderingMatch", ancestorid_indexes_limit); +- ldbm_instance_config_add_index_entry(inst, e, flags); +- attr_index_config(be, "ldbm index init", 0, e, 1, 0, NULL); +- slapi_entry_free(e); ++ ainfo_get(be, (char *)LDBM_ANCESTORID_STR, &ai); ++ index_already_configured = ai; ++ if (!index_already_configured) { ++ e = ldbm_instance_init_config_entry(LDBM_ANCESTORID_STR, "eq", 0, 0, 0, "integerOrderingMatch", ancestorid_indexes_limit); ++ ldbm_instance_config_add_index_entry(inst, e, flags); ++ attr_index_config(be, "ldbm index init", 0, e, 1, 0, NULL); ++ slapi_entry_free(e); ++ } + + slapi_ch_free_string(&ancestorid_indexes_limit); + slapi_ch_free_string(&parentid_indexes_limit); +diff --git a/ldap/servers/slapd/upgrade.c b/ldap/servers/slapd/upgrade.c +index 858392564..b02e37ed6 100644 +--- a/ldap/servers/slapd/upgrade.c ++++ b/ldap/servers/slapd/upgrade.c +@@ -330,6 +330,107 @@ upgrade_remove_subtree_rename(void) + return UPGRADE_SUCCESS; + } + ++/* ++ * Check if parentid/ancestorid indexes are missing the integerOrderingMatch ++ * matching rule. ++ * ++ * This function logs a warning if we detect this condition, advising ++ * the administrator to reindex the affected attributes. ++ */ ++static upgrade_status ++upgrade_check_id_index_matching_rule(void) ++{ ++ struct slapi_pblock *pb = slapi_pblock_new(); ++ Slapi_Entry **backends = NULL; ++ const char *be_base_dn = "cn=ldbm database,cn=plugins,cn=config"; ++ const char *be_filter = "(objectclass=nsBackendInstance)"; ++ const char *attrs_to_check[] = {"parentid", "ancestorid", NULL}; ++ upgrade_status uresult = UPGRADE_SUCCESS; ++ ++ /* Search for all backend instances */ ++ slapi_search_internal_set_pb( ++ pb, be_base_dn, ++ LDAP_SCOPE_ONELEVEL, ++ be_filter, NULL, 0, NULL, NULL, ++ plugin_get_default_component_id(), 0); ++ slapi_search_internal_pb(pb); ++ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &backends); ++ ++ if (backends) { ++ for (size_t be_idx = 0; backends[be_idx] != NULL; be_idx++) { ++ const char *be_name = slapi_entry_attr_get_ref(backends[be_idx], "cn"); ++ if (!be_name) { ++ continue; ++ } ++ ++ /* Check each attribute that should have integerOrderingMatch */ ++ for (size_t attr_idx = 0; attrs_to_check[attr_idx] != NULL; attr_idx++) { ++ const char *attr_name = attrs_to_check[attr_idx]; ++ struct slapi_pblock *idx_pb = slapi_pblock_new(); ++ Slapi_Entry **idx_entries = NULL; ++ char *idx_dn = slapi_create_dn_string("cn=%s,cn=index,cn=%s,%s", ++ attr_name, be_name, be_base_dn); ++ char *idx_filter = "(objectclass=nsIndex)"; ++ PRBool has_matching_rule = PR_FALSE; ++ ++ if (!idx_dn) { ++ slapi_pblock_destroy(idx_pb); ++ continue; ++ } ++ ++ slapi_search_internal_set_pb( ++ idx_pb, idx_dn, ++ LDAP_SCOPE_BASE, ++ idx_filter, NULL, 0, NULL, NULL, ++ plugin_get_default_component_id(), 0); ++ slapi_search_internal_pb(idx_pb); ++ slapi_pblock_get(idx_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &idx_entries); ++ ++ if (idx_entries && idx_entries[0]) { ++ /* Index exists, check if it has integerOrderingMatch */ ++ Slapi_Attr *mr_attr = NULL; ++ if (slapi_entry_attr_find(idx_entries[0], "nsMatchingRule", &mr_attr) == 0) { ++ Slapi_Value *sval = NULL; ++ int idx; ++ for (idx = slapi_attr_first_value(mr_attr, &sval); ++ idx != -1; ++ idx = slapi_attr_next_value(mr_attr, idx, &sval)) { ++ const struct berval *bval = slapi_value_get_berval(sval); ++ if (bval && bval->bv_val && ++ strcasecmp(bval->bv_val, "integerOrderingMatch") == 0) { ++ has_matching_rule = PR_TRUE; ++ break; ++ } ++ } ++ } ++ ++ if (!has_matching_rule) { ++ /* Index exists but doesn't have integerOrderingMatch, log a warning */ ++ slapi_log_err(SLAPI_LOG_ERR, "upgrade_check_id_index_matching_rule", ++ "Index '%s' in backend '%s' is missing 'nsMatchingRule: integerOrderingMatch'. " ++ "Incorrectly configured system indexes can lead to poor search performance, replication issues, and other operational problems. " ++ "To fix this, add the matching rule and reindex: " ++ "dsconf backend index set --add-mr integerOrderingMatch --attr %s %s && " ++ "dsconf backend index reindex --attr %s %s. " ++ "WARNING: Reindexing can be resource-intensive and may impact server performance on a live system. " ++ "Consider scheduling reindexing during maintenance windows or periods of low activity.\n", ++ attr_name, be_name, attr_name, be_name, attr_name, be_name); ++ } ++ } ++ ++ slapi_ch_free_string(&idx_dn); ++ slapi_free_search_results_internal(idx_pb); ++ slapi_pblock_destroy(idx_pb); ++ } ++ } ++ } ++ ++ slapi_free_search_results_internal(pb); ++ slapi_pblock_destroy(pb); ++ ++ return uresult; ++} ++ + /* + * Upgrade the base config of the PAM PTA plugin. + * +@@ -547,7 +648,11 @@ upgrade_server(void) + if (upgrade_pam_pta_default_config() != UPGRADE_SUCCESS) { + return UPGRADE_FAILURE; + } +- ++ ++ if (upgrade_check_id_index_matching_rule() != UPGRADE_SUCCESS) { ++ return UPGRADE_FAILURE; ++ } ++ + return UPGRADE_SUCCESS; + } + +-- +2.52.0 + diff --git a/0005-Issue-7172-2nd-Index-ordering-mismatch-after-upgrade.patch b/0005-Issue-7172-2nd-Index-ordering-mismatch-after-upgrade.patch new file mode 100644 index 0000000..591d144 --- /dev/null +++ b/0005-Issue-7172-2nd-Index-ordering-mismatch-after-upgrade.patch @@ -0,0 +1,67 @@ +From f5de84e309d5a4435198c9cc9b31b5722979f1ff Mon Sep 17 00:00:00 2001 +From: Viktor Ashirov +Date: Mon, 12 Jan 2026 10:58:02 +0100 +Subject: [PATCH 5/5] Issue 7172 - (2nd) Index ordering mismatch after upgrade + (#7180) + +Commit 742c12e0247ab64e87da000a4de2f3e5c99044ab introduced a regression +where the check to skip creating parentid/ancestorid indexes if they +already exist was incorrect. +The `ainfo_get()` function falls back to returning +LDBM_PSEUDO_ATTR_DEFAULT attrinfo when the requested attribute is not +found. +Since LDBM_PSEUDO_ATTR_DEFAULT is created before the ancestorid check, +`ainfo_get()` returns LDBM_PSEUDO_ATTR_DEFAULT instead of NULL, causing +the ancestorid index creation to be skipped entirely. + +When operations later try to use the ancestorid index, they fall back to +LDBM_PSEUDO_ATTR_DEFAULT, and attempting to open the .default dbi +mid-transaction fails with MDB_NOTFOUND (-30798). + +Fix Description: +Instead of just checking if `ainfo_get()` returns non-NULL, verify that +the returned attrinfo is actually for the requested attribute. + +Fixes: https://github.com/389ds/389-ds-base/issues/7172 + +Reviewed by: @tbordaz (Thanks!) +--- + ldap/servers/slapd/back-ldbm/instance.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/instance.c b/ldap/servers/slapd/back-ldbm/instance.c +index 71bf0f6fa..2a6e8cbb8 100644 +--- a/ldap/servers/slapd/back-ldbm/instance.c ++++ b/ldap/servers/slapd/back-ldbm/instance.c +@@ -190,7 +190,7 @@ ldbm_instance_create_default_indexes(backend *be) + char *ancestorid_indexes_limit = NULL; + char *parentid_indexes_limit = NULL; + struct attrinfo *ai = NULL; +- struct attrinfo *index_already_configured = NULL; ++ int index_already_configured = 0; + struct index_idlistsizeinfo *iter; + int cookie; + int limit; +@@ -250,7 +250,8 @@ ldbm_instance_create_default_indexes(backend *be) + slapi_entry_free(e); + + ainfo_get(be, (char *)LDBM_PARENTID_STR, &ai); +- index_already_configured = ai; ++ /* Check if the attrinfo is actually for parentid, not a fallback to .default */ ++ index_already_configured = (ai != NULL && strcmp(ai->ai_type, LDBM_PARENTID_STR) == 0); + if (!index_already_configured) { + e = ldbm_instance_init_config_entry(LDBM_PARENTID_STR, "eq", 0, 0, 0, "integerOrderingMatch", parentid_indexes_limit); + ldbm_instance_config_add_index_entry(inst, e, flags); +@@ -294,7 +295,8 @@ ldbm_instance_create_default_indexes(backend *be) + * but we still want to use the attr index file APIs. + */ + ainfo_get(be, (char *)LDBM_ANCESTORID_STR, &ai); +- index_already_configured = ai; ++ /* Check if the attrinfo is actually for ancestorid, not a fallback to .default */ ++ index_already_configured = (ai != NULL && strcmp(ai->ai_type, LDBM_ANCESTORID_STR) == 0); + if (!index_already_configured) { + e = ldbm_instance_init_config_entry(LDBM_ANCESTORID_STR, "eq", 0, 0, 0, "integerOrderingMatch", ancestorid_indexes_limit); + ldbm_instance_config_add_index_entry(inst, e, flags); +-- +2.52.0 + diff --git a/389-ds-base-devel.README b/389-ds-base-devel.README index 190c874..c411a61 100644 --- a/389-ds-base-devel.README +++ b/389-ds-base-devel.README @@ -1,4 +1,4 @@ -For detailed information on developing plugins for -389 Directory Server visit. +For detailed information on developing plugins for 389 Directory Server visit -http://port389/wiki/Plugins +https://www.port389.org/docs/389ds/design/plugins.html +https://github.com/389ds/389-ds-base/blob/main/src/slapi_r_plugin/README.md diff --git a/389-ds-base-git-local.sh b/389-ds-base-git-local.sh deleted file mode 100644 index bc809cb..0000000 --- a/389-ds-base-git-local.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -DATE=`date +%Y%m%d` -# use a real tag name here -VERSION=1.3.5.14 -PKGNAME=389-ds-base -TAG=${TAG:-$PKGNAME-$VERSION} -#SRCNAME=$PKGNAME-$VERSION-$DATE -SRCNAME=$PKGNAME-$VERSION - -test -d .git || { - echo you must be in the ds git repo to use this - echo bye - exit 1 -} - -if [ -z "$1" ] ; then - dir=. -else - dir="$1" -fi - -git archive --prefix=$SRCNAME/ $TAG | bzip2 > $dir/$SRCNAME.tar.bz2 diff --git a/389-ds-base-git.sh b/389-ds-base-git.sh deleted file mode 100644 index 0043901..0000000 --- a/389-ds-base-git.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -DATE=`date +%Y%m%d` -# use a real tag name here -VERSION=1.3.5.14 -PKGNAME=389-ds-base -TAG=${TAG:-$PKGNAME-$VERSION} -URL="https://git.fedorahosted.org/git/?p=389/ds.git;a=snapshot;h=$TAG;sf=tgz" -SRCNAME=$PKGNAME-$VERSION - -wget -O $SRCNAME.tar.gz "$URL" - -echo convert tgz format to tar.bz2 format - -gunzip $PKGNAME-$VERSION.tar.gz -bzip2 $PKGNAME-$VERSION.tar diff --git a/389-ds-base.spec b/389-ds-base.spec index 78a229d..e864a88 100644 --- a/389-ds-base.spec +++ b/389-ds-base.spec @@ -1,36 +1,63 @@ - -%global pkgname dirsrv -%global srcname 389-ds-base +%global pkgname dirsrv # Exclude i686 bit arches -ExcludeArch: i686 +ExcludeArch: i686 -# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release -# also remove the space between % and global - this space is needed because -# fedpkg verrel stupidly ignores comment lines -#% global prerel .rc3 -# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release -#% global relprefix 0. - -# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6. -%global use_Socket6 0 - -%global use_asan 0 -%global use_rust 0 -%global use_perl 1 -%global bundle_jemalloc 1 -%if %{use_asan} -%global bundle_jemalloc 0 -%endif - -%if %{bundle_jemalloc} +%bcond bundle_jemalloc 1 +%if %{with bundle_jemalloc} %global jemalloc_name jemalloc -%global jemalloc_ver 5.2.0 +%global jemalloc_ver 5.3.0 %global __provides_exclude ^libjemalloc\\.so.*$ %endif +%bcond bundle_libdb 0 +%if 0%{?rhel} >= 10 +%bcond bundle_libdb 1 +%endif + +%if %{with bundle_libdb} +%global libdb_version 5.3 +%global libdb_base_version db-%{libdb_version}.28 +%global libdb_full_version lib%{libdb_base_version}-59 +%global libdb_bundle_name libdb-%{libdb_version}-389ds.so +%if 0%{?fedora} >= 41 || 0%{?rhel} >= 11 +# RPM 4.20 +%global libdb_base_dir lib%{libdb_base_version}-build/%{libdb_base_version} +%else +%global libdb_base_dir %{libdb_base_version} +%endif +%endif + +%bcond libbdb_ro 0 +%if 0%{?fedora} >= 43 +%bcond libbdb_ro 1 +%endif + +# This is used in certain builds to help us know if it has extra features. +%global variant base +# This enables a sanitized build. +%bcond asan 0 +%bcond msan 0 +%bcond tsan 0 +%bcond ubsan 0 + +%if %{with asan} || %{with msan} || %{with tsan} || %{with ubsan} +%global variant base-xsan +%endif + # Use Clang instead of GCC -%global use_clang 0 +%bcond clang 0 +%if %{with msan} +%bcond clang 1 +%endif + +%if %{with clang} +%global toolchain clang +%global _missing_build_ids_terminate_build 0 +%endif + +# Build cockpit plugin +%bcond cockpit 1 # fedora 15 and later uses tmpfiles.d # otherwise, comment this out @@ -39,59 +66,370 @@ ExcludeArch: i686 # systemd support %global groupname %{pkgname}.target -# set PIE flag -%global _hardened_build 1 +# Filter argparse-manpage from autogenerated package Requires +%global __requires_exclude ^python.*argparse-manpage -Summary: 389 Directory Server (base) +# Force to require nss version greater or equal as the version available at the build time +# See bz1986327 +%define dirsrv_requires_ge() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") + +Summary: 389 Directory Server (%{variant}) Name: 389-ds-base -Version: 1.4.1.6 -Release: %{?relprefix}1%{?prerel}%{?dist}.1 -License: GPLv3+ +Version: 3.2.0 +Release: %{autorelease -n %{?with_asan:-e asan}}%{?dist} +License: GPL-3.0-or-later WITH GPL-3.0-389-ds-base-exception AND (0BSD OR Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR LGPL-2.1-or-later OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (Apache-2.0 OR MIT) AND (CC-BY-4.0 AND MIT) AND (MIT OR Apache-2.0) AND Unicode-3.0 AND (MIT OR CC0-1.0) AND (MIT OR Unlicense) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MIT AND ISC AND MPL-2.0 AND PSF-2.0 AND Zlib URL: https://www.port389.org -Conflicts: selinux-policy-base < 3.9.8 -Conflicts: freeipa-server < 4.0.3 -Obsoletes: %{name} <= 1.4.0.9 +Obsoletes: %{name}-legacy-tools < 1.4.4.6 +Obsoletes: %{name}-legacy-tools-debuginfo < 1.4.4.6 Provides: ldif2ldbm >= 0 +##### Bundled cargo crates list - START ##### +Provides: bundled(crate(addr2line)) = 0.24.2 +Provides: bundled(crate(adler2)) = 2.0.1 +Provides: bundled(crate(allocator-api2)) = 0.2.21 +Provides: bundled(crate(atty)) = 0.2.14 +Provides: bundled(crate(autocfg)) = 1.5.0 +Provides: bundled(crate(backtrace)) = 0.3.75 +Provides: bundled(crate(base64)) = 0.13.1 +Provides: bundled(crate(bitflags)) = 2.9.1 +Provides: bundled(crate(byteorder)) = 1.5.0 +Provides: bundled(crate(cbindgen)) = 0.26.0 +Provides: bundled(crate(cc)) = 1.2.27 +Provides: bundled(crate(cfg-if)) = 1.0.1 +Provides: bundled(crate(clap)) = 3.2.25 +Provides: bundled(crate(clap_lex)) = 0.2.4 +Provides: bundled(crate(concread)) = 0.5.6 +Provides: bundled(crate(crossbeam-epoch)) = 0.9.18 +Provides: bundled(crate(crossbeam-queue)) = 0.3.12 +Provides: bundled(crate(crossbeam-utils)) = 0.8.21 +Provides: bundled(crate(equivalent)) = 1.0.2 +Provides: bundled(crate(errno)) = 0.3.12 +Provides: bundled(crate(fastrand)) = 2.3.0 +Provides: bundled(crate(fernet)) = 0.1.4 +Provides: bundled(crate(foldhash)) = 0.1.5 +Provides: bundled(crate(foreign-types)) = 0.3.2 +Provides: bundled(crate(foreign-types-shared)) = 0.1.1 +Provides: bundled(crate(getrandom)) = 0.3.3 +Provides: bundled(crate(gimli)) = 0.31.1 +Provides: bundled(crate(hashbrown)) = 0.15.4 +Provides: bundled(crate(heck)) = 0.4.1 +Provides: bundled(crate(hermit-abi)) = 0.1.19 +Provides: bundled(crate(indexmap)) = 1.9.3 +Provides: bundled(crate(itoa)) = 1.0.15 +Provides: bundled(crate(jobserver)) = 0.1.33 +Provides: bundled(crate(libc)) = 0.2.174 +Provides: bundled(crate(linux-raw-sys)) = 0.9.4 +Provides: bundled(crate(log)) = 0.4.27 +Provides: bundled(crate(lru)) = 0.13.0 +Provides: bundled(crate(memchr)) = 2.7.5 +Provides: bundled(crate(miniz_oxide)) = 0.8.9 +Provides: bundled(crate(object)) = 0.36.7 +Provides: bundled(crate(once_cell)) = 1.21.3 +Provides: bundled(crate(openssl)) = 0.10.73 +Provides: bundled(crate(openssl-macros)) = 0.1.1 +Provides: bundled(crate(openssl-sys)) = 0.9.109 +Provides: bundled(crate(os_str_bytes)) = 6.6.1 +Provides: bundled(crate(paste)) = 0.1.18 +Provides: bundled(crate(paste-impl)) = 0.1.18 +Provides: bundled(crate(pin-project-lite)) = 0.2.16 +Provides: bundled(crate(pkg-config)) = 0.3.32 +Provides: bundled(crate(proc-macro-hack)) = 0.5.20+deprecated +Provides: bundled(crate(proc-macro2)) = 1.0.95 +Provides: bundled(crate(quote)) = 1.0.40 +Provides: bundled(crate(r-efi)) = 5.3.0 +Provides: bundled(crate(rustc-demangle)) = 0.1.25 +Provides: bundled(crate(rustix)) = 1.0.7 +Provides: bundled(crate(ryu)) = 1.0.20 +Provides: bundled(crate(serde)) = 1.0.219 +Provides: bundled(crate(serde_derive)) = 1.0.219 +Provides: bundled(crate(serde_json)) = 1.0.140 +Provides: bundled(crate(shlex)) = 1.3.0 +Provides: bundled(crate(smallvec)) = 1.15.1 +Provides: bundled(crate(sptr)) = 0.3.2 +Provides: bundled(crate(strsim)) = 0.10.0 +Provides: bundled(crate(syn)) = 2.0.103 +Provides: bundled(crate(tempfile)) = 3.20.0 +Provides: bundled(crate(termcolor)) = 1.4.1 +Provides: bundled(crate(textwrap)) = 0.16.2 +Provides: bundled(crate(tokio)) = 1.45.1 +Provides: bundled(crate(toml)) = 0.5.11 +Provides: bundled(crate(tracing)) = 0.1.41 +Provides: bundled(crate(tracing-attributes)) = 0.1.30 +Provides: bundled(crate(tracing-core)) = 0.1.34 +Provides: bundled(crate(unicode-ident)) = 1.0.18 +Provides: bundled(crate(uuid)) = 0.8.2 +Provides: bundled(crate(vcpkg)) = 0.2.15 +Provides: bundled(crate(wasi)) = 0.14.2+wasi_0.2.4 +Provides: bundled(crate(winapi)) = 0.3.9 +Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0 +Provides: bundled(crate(winapi-util)) = 0.1.9 +Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0 +Provides: bundled(crate(windows-sys)) = 0.59.0 +Provides: bundled(crate(windows-targets)) = 0.52.6 +Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.52.6 +Provides: bundled(crate(windows_aarch64_msvc)) = 0.52.6 +Provides: bundled(crate(windows_i686_gnu)) = 0.52.6 +Provides: bundled(crate(windows_i686_gnullvm)) = 0.52.6 +Provides: bundled(crate(windows_i686_msvc)) = 0.52.6 +Provides: bundled(crate(windows_x86_64_gnu)) = 0.52.6 +Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.52.6 +Provides: bundled(crate(windows_x86_64_msvc)) = 0.52.6 +Provides: bundled(crate(wit-bindgen-rt)) = 0.39.0 +Provides: bundled(crate(zeroize)) = 1.8.1 +Provides: bundled(crate(zeroize_derive)) = 1.4.2 +Provides: bundled(npm(@eslint-community/eslint-utils)) = 4.4.1 +Provides: bundled(npm(@eslint-community/regexpp)) = 4.12.1 +Provides: bundled(npm(@eslint/eslintrc)) = 2.1.4 +Provides: bundled(npm(@eslint/js)) = 8.57.1 +Provides: bundled(npm(@fortawesome/fontawesome-common-types)) = 0.2.36 +Provides: bundled(npm(@fortawesome/fontawesome-svg-core)) = 1.2.36 +Provides: bundled(npm(@fortawesome/free-solid-svg-icons)) = 5.15.4 +Provides: bundled(npm(@fortawesome/react-fontawesome)) = 0.1.19 +Provides: bundled(npm(@humanwhocodes/config-array)) = 0.13.0 +Provides: bundled(npm(@humanwhocodes/module-importer)) = 1.0.1 +Provides: bundled(npm(@humanwhocodes/object-schema)) = 2.0.3 +Provides: bundled(npm(@nodelib/fs.scandir)) = 2.1.5 +Provides: bundled(npm(@nodelib/fs.stat)) = 2.0.5 +Provides: bundled(npm(@nodelib/fs.walk)) = 1.2.8 +Provides: bundled(npm(@patternfly/patternfly)) = 5.4.1 +Provides: bundled(npm(@patternfly/react-charts)) = 7.4.3 +Provides: bundled(npm(@patternfly/react-core)) = 5.4.1 +Provides: bundled(npm(@patternfly/react-icons)) = 5.4.0 +Provides: bundled(npm(@patternfly/react-log-viewer)) = 5.3.0 +Provides: bundled(npm(@patternfly/react-styles)) = 5.4.0 +Provides: bundled(npm(@patternfly/react-table)) = 5.4.1 +Provides: bundled(npm(@patternfly/react-tokens)) = 5.4.0 +Provides: bundled(npm(@types/d3-array)) = 3.2.1 +Provides: bundled(npm(@types/d3-color)) = 3.1.3 +Provides: bundled(npm(@types/d3-ease)) = 3.0.2 +Provides: bundled(npm(@types/d3-interpolate)) = 3.0.4 +Provides: bundled(npm(@types/d3-path)) = 3.1.0 +Provides: bundled(npm(@types/d3-scale)) = 4.0.8 +Provides: bundled(npm(@types/d3-shape)) = 3.1.6 +Provides: bundled(npm(@types/d3-time)) = 3.0.3 +Provides: bundled(npm(@types/d3-timer)) = 3.0.2 +Provides: bundled(npm(@ungap/structured-clone)) = 1.2.0 +Provides: bundled(npm(@xterm/addon-canvas)) = 0.7.0 +Provides: bundled(npm(@xterm/xterm)) = 5.5.0 +Provides: bundled(npm(acorn)) = 8.14.0 +Provides: bundled(npm(acorn-jsx)) = 5.3.2 +Provides: bundled(npm(ajv)) = 6.12.6 +Provides: bundled(npm(ansi-regex)) = 5.0.1 +Provides: bundled(npm(ansi-styles)) = 4.3.0 +Provides: bundled(npm(argparse)) = 2.0.1 +Provides: bundled(npm(attr-accept)) = 2.2.4 +Provides: bundled(npm(autolinker)) = 3.16.2 +Provides: bundled(npm(balanced-match)) = 1.0.2 +Provides: bundled(npm(brace-expansion)) = 1.1.12 +Provides: bundled(npm(callsites)) = 3.1.0 +Provides: bundled(npm(chalk)) = 4.1.2 +Provides: bundled(npm(color-convert)) = 2.0.1 +Provides: bundled(npm(color-name)) = 1.1.4 +Provides: bundled(npm(concat-map)) = 0.0.1 +Provides: bundled(npm(core-util-is)) = 1.0.3 +Provides: bundled(npm(cross-spawn)) = 7.0.6 +Provides: bundled(npm(d3-array)) = 3.2.4 +Provides: bundled(npm(d3-color)) = 3.1.0 +Provides: bundled(npm(d3-ease)) = 3.0.1 +Provides: bundled(npm(d3-format)) = 3.1.0 +Provides: bundled(npm(d3-interpolate)) = 3.0.1 +Provides: bundled(npm(d3-path)) = 3.1.0 +Provides: bundled(npm(d3-scale)) = 4.0.2 +Provides: bundled(npm(d3-shape)) = 3.2.0 +Provides: bundled(npm(d3-time)) = 3.1.0 +Provides: bundled(npm(d3-time-format)) = 4.1.0 +Provides: bundled(npm(d3-timer)) = 3.0.1 +Provides: bundled(npm(debug)) = 4.3.7 +Provides: bundled(npm(deep-is)) = 0.1.4 +Provides: bundled(npm(delaunator)) = 4.0.1 +Provides: bundled(npm(delaunay-find)) = 0.0.6 +Provides: bundled(npm(dequal)) = 2.0.3 +Provides: bundled(npm(doctrine)) = 3.0.0 +Provides: bundled(npm(encoding)) = 0.1.13 +Provides: bundled(npm(escape-string-regexp)) = 4.0.0 +Provides: bundled(npm(eslint)) = 8.57.1 +Provides: bundled(npm(eslint-plugin-react-hooks)) = 4.6.2 +Provides: bundled(npm(eslint-scope)) = 7.2.2 +Provides: bundled(npm(eslint-visitor-keys)) = 3.4.3 +Provides: bundled(npm(espree)) = 9.6.1 +Provides: bundled(npm(esquery)) = 1.6.0 +Provides: bundled(npm(esrecurse)) = 4.3.0 +Provides: bundled(npm(estraverse)) = 5.3.0 +Provides: bundled(npm(esutils)) = 2.0.3 +Provides: bundled(npm(fast-deep-equal)) = 3.1.3 +Provides: bundled(npm(fast-json-stable-stringify)) = 2.1.0 +Provides: bundled(npm(fast-levenshtein)) = 2.0.6 +Provides: bundled(npm(fastq)) = 1.17.1 +Provides: bundled(npm(file-entry-cache)) = 6.0.1 +Provides: bundled(npm(file-selector)) = 2.1.0 +Provides: bundled(npm(find-up)) = 5.0.0 +Provides: bundled(npm(flat-cache)) = 3.2.0 +Provides: bundled(npm(flatted)) = 3.3.1 +Provides: bundled(npm(focus-trap)) = 7.5.4 +Provides: bundled(npm(fs.realpath)) = 1.0.0 +Provides: bundled(npm(gettext-parser)) = 2.1.0 +Provides: bundled(npm(glob)) = 7.2.3 +Provides: bundled(npm(glob-parent)) = 6.0.2 +Provides: bundled(npm(globals)) = 13.24.0 +Provides: bundled(npm(graphemer)) = 1.4.0 +Provides: bundled(npm(has-flag)) = 4.0.0 +Provides: bundled(npm(hoist-non-react-statics)) = 3.3.2 +Provides: bundled(npm(iconv-lite)) = 0.6.3 +Provides: bundled(npm(ignore)) = 5.3.2 +Provides: bundled(npm(import-fresh)) = 3.3.0 +Provides: bundled(npm(imurmurhash)) = 0.1.4 +Provides: bundled(npm(inflight)) = 1.0.6 +Provides: bundled(npm(inherits)) = 2.0.4 +Provides: bundled(npm(internmap)) = 2.0.3 +Provides: bundled(npm(is-extglob)) = 2.1.1 +Provides: bundled(npm(is-glob)) = 4.0.3 +Provides: bundled(npm(is-path-inside)) = 3.0.3 +Provides: bundled(npm(isarray)) = 1.0.0 +Provides: bundled(npm(isexe)) = 2.0.0 +Provides: bundled(npm(js-sha1)) = 0.7.0 +Provides: bundled(npm(js-sha256)) = 0.11.0 +Provides: bundled(npm(js-tokens)) = 4.0.0 +Provides: bundled(npm(js-yaml)) = 4.1.1 +Provides: bundled(npm(json-buffer)) = 3.0.1 +Provides: bundled(npm(json-schema-traverse)) = 0.4.1 +Provides: bundled(npm(json-stable-stringify-without-jsonify)) = 1.0.1 +Provides: bundled(npm(json-stringify-safe)) = 5.0.1 +Provides: bundled(npm(keyv)) = 4.5.4 +Provides: bundled(npm(levn)) = 0.4.1 +Provides: bundled(npm(locate-path)) = 6.0.0 +Provides: bundled(npm(lodash)) = 4.17.21 +Provides: bundled(npm(lodash.merge)) = 4.6.2 +Provides: bundled(npm(loose-envify)) = 1.4.0 +Provides: bundled(npm(memoize-one)) = 5.2.1 +Provides: bundled(npm(minimatch)) = 3.1.2 +Provides: bundled(npm(ms)) = 2.1.3 +Provides: bundled(npm(natural-compare)) = 1.4.0 +Provides: bundled(npm(object-assign)) = 4.1.1 +Provides: bundled(npm(once)) = 1.4.0 +Provides: bundled(npm(optionator)) = 0.9.4 +Provides: bundled(npm(p-limit)) = 3.1.0 +Provides: bundled(npm(p-locate)) = 5.0.0 +Provides: bundled(npm(parent-module)) = 1.0.1 +Provides: bundled(npm(path-exists)) = 4.0.0 +Provides: bundled(npm(path-is-absolute)) = 1.0.1 +Provides: bundled(npm(path-key)) = 3.1.1 +Provides: bundled(npm(prelude-ls)) = 1.2.1 +Provides: bundled(npm(prettier)) = 3.3.3 +Provides: bundled(npm(process-nextick-args)) = 2.0.1 +Provides: bundled(npm(prop-types)) = 15.8.1 +Provides: bundled(npm(punycode)) = 2.3.1 +Provides: bundled(npm(queue-microtask)) = 1.2.3 +Provides: bundled(npm(react)) = 18.3.1 +Provides: bundled(npm(react-dom)) = 18.3.1 +Provides: bundled(npm(react-dropzone)) = 14.3.5 +Provides: bundled(npm(react-fast-compare)) = 3.2.2 +Provides: bundled(npm(react-is)) = 16.13.1 +Provides: bundled(npm(readable-stream)) = 2.3.8 +Provides: bundled(npm(remarkable)) = 2.0.1 +Provides: bundled(npm(resolve-from)) = 4.0.0 +Provides: bundled(npm(reusify)) = 1.0.4 +Provides: bundled(npm(rimraf)) = 3.0.2 +Provides: bundled(npm(run-parallel)) = 1.2.0 +Provides: bundled(npm(safe-buffer)) = 5.2.1 +Provides: bundled(npm(safer-buffer)) = 2.1.2 +Provides: bundled(npm(scheduler)) = 0.23.2 +Provides: bundled(npm(shebang-command)) = 2.0.0 +Provides: bundled(npm(shebang-regex)) = 3.0.0 +Provides: bundled(npm(sprintf-js)) = 1.0.3 +Provides: bundled(npm(string_decoder)) = 1.1.1 +Provides: bundled(npm(strip-ansi)) = 6.0.1 +Provides: bundled(npm(strip-json-comments)) = 3.1.1 +Provides: bundled(npm(supports-color)) = 7.2.0 +Provides: bundled(npm(tabbable)) = 6.2.0 +Provides: bundled(npm(text-table)) = 0.2.0 +Provides: bundled(npm(throttle-debounce)) = 5.0.2 +Provides: bundled(npm(tslib)) = 2.8.1 +Provides: bundled(npm(type-check)) = 0.4.0 +Provides: bundled(npm(type-fest)) = 0.20.2 +Provides: bundled(npm(uri-js)) = 4.4.1 +Provides: bundled(npm(util-deprecate)) = 1.0.2 +Provides: bundled(npm(uuid)) = 10.0.0 +Provides: bundled(npm(victory-area)) = 37.3.1 +Provides: bundled(npm(victory-axis)) = 37.3.1 +Provides: bundled(npm(victory-bar)) = 37.3.1 +Provides: bundled(npm(victory-box-plot)) = 37.3.1 +Provides: bundled(npm(victory-brush-container)) = 37.3.1 +Provides: bundled(npm(victory-chart)) = 37.3.1 +Provides: bundled(npm(victory-core)) = 37.3.1 +Provides: bundled(npm(victory-create-container)) = 37.3.1 +Provides: bundled(npm(victory-cursor-container)) = 37.3.1 +Provides: bundled(npm(victory-group)) = 37.3.1 +Provides: bundled(npm(victory-legend)) = 37.3.1 +Provides: bundled(npm(victory-line)) = 37.3.1 +Provides: bundled(npm(victory-pie)) = 37.3.1 +Provides: bundled(npm(victory-polar-axis)) = 37.3.1 +Provides: bundled(npm(victory-scatter)) = 37.3.1 +Provides: bundled(npm(victory-selection-container)) = 37.3.1 +Provides: bundled(npm(victory-shared-events)) = 37.3.1 +Provides: bundled(npm(victory-stack)) = 37.3.1 +Provides: bundled(npm(victory-tooltip)) = 37.3.1 +Provides: bundled(npm(victory-vendor)) = 37.3.1 +Provides: bundled(npm(victory-voronoi-container)) = 37.3.1 +Provides: bundled(npm(victory-zoom-container)) = 37.3.1 +Provides: bundled(npm(which)) = 2.0.2 +Provides: bundled(npm(word-wrap)) = 1.2.5 +Provides: bundled(npm(wrappy)) = 1.0.2 +Provides: bundled(npm(yocto-queue)) = 0.1.0 +##### Bundled cargo crates list - END ##### + +# Attach the buildrequires to the top level package: BuildRequires: nspr-devel BuildRequires: nss-devel >= 3.34 -BuildRequires: perl-generators +BuildRequires: openldap-clients BuildRequires: openldap-devel -BuildRequires: libdb-devel +BuildRequires: lmdb-devel BuildRequires: cyrus-sasl-devel BuildRequires: icu BuildRequires: libicu-devel -BuildRequires: pcre-devel +BuildRequires: pcre2-devel BuildRequires: cracklib-devel -%if %{use_clang} +BuildRequires: json-c-devel +BuildRequires: libxcrypt-devel +%if %{with clang} BuildRequires: libatomic BuildRequires: clang +BuildRequires: compiler-rt +BuildRequires: lld %else BuildRequires: gcc BuildRequires: gcc-c++ +%if %{with asan} +BuildRequires: libasan %endif +%if %{with tsan} +BuildRequires: libtsan +%endif +%if %{with ubsan} +BuildRequires: libubsan +%endif +%endif +%if %{without libbdb_ro} +%if %{without bundle_libdb} +BuildRequires: libdb-devel +%endif +%endif + # The following are needed to build the snmp ldap-agent BuildRequires: net-snmp-devel -BuildRequires: lm_sensors-devel BuildRequires: bzip2-devel -BuildRequires: zlib-devel BuildRequires: openssl-devel # the following is for the pam passthru auth plug-in BuildRequires: pam-devel BuildRequires: systemd-units BuildRequires: systemd-devel -%if %{use_asan} -BuildRequires: libasan -%endif -# If rust is enabled -%if %{use_rust} -BuildRequires: cargo -BuildRequires: rust -%endif +BuildRequires: systemd-rpm-macros +%{?sysusers_requires_compat} +BuildRequires: cargo +BuildRequires: rust BuildRequires: pkgconfig BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(krb5) - +BuildRequires: pkgconfig(libpcre2-8) # Needed to support regeneration of the autotool artifacts. BuildRequires: autoconf BuildRequires: automake @@ -100,150 +438,151 @@ BuildRequires: libtool BuildRequires: doxygen # For tests! BuildRequires: libcmocka-devel -BuildRequires: libevent-devel -# For lib389 and related components +# For lib389 and related components. BuildRequires: python%{python3_pkgversion}-devel -BuildRequires: python%{python3_pkgversion}-setuptools -BuildRequires: python%{python3_pkgversion}-ldap -BuildRequires: python%{python3_pkgversion}-six -BuildRequires: python%{python3_pkgversion}-pyasn1 -BuildRequires: python%{python3_pkgversion}-pyasn1-modules -BuildRequires: python%{python3_pkgversion}-dateutil -BuildRequires: python%{python3_pkgversion}-argcomplete -BuildRequires: python%{python3_pkgversion}-argparse-manpage -BuildRequires: python%{python3_pkgversion}-libselinux -BuildRequires: python%{python3_pkgversion}-policycoreutils # For cockpit +%if %{with cockpit} BuildRequires: rsync BuildRequires: npm BuildRequires: nodejs +%endif + +# For autosetup -S git +BuildRequires: git Requires: %{name}-libs = %{version}-%{release} Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release} # this is needed for using semanage from our setup scripts Requires: policycoreutils-python-utils -Requires: /usr/sbin/semanage Requires: libsemanage-python%{python3_pkgversion} - -Requires: selinux-policy >= 3.14.1-29 - # the following are needed for some of our scripts Requires: openldap-clients -Requires: openssl-perl -Requires: python%{python3_pkgversion}-ldap - +Requires: acl # this is needed to setup SSL if you are not using the # administration server package Requires: nss-tools -Requires: nss >= 3.34 - +%dirsrv_requires_ge nss # these are not found by the auto-dependency method # they are required to support the mandatory LDAP SASL mechs Requires: cyrus-sasl-gssapi Requires: cyrus-sasl-md5 +# This is optionally supported by us, as we use it in our tests Requires: cyrus-sasl-plain - -# this is needed for verify-db.pl -Requires: libdb-utils - +# this is needed for backldbm +%if %{with libbdb_ro} +Requires: %{name}-robdb-libs = %{version}-%{release} +%else +%if %{without bundle_libdb} +Requires: libdb +%endif +%endif +Requires: lmdb-libs +# Needed by logconv.pl +%if %{without libbdb_ro} +%if %{without bundle_libdb} +Requires: perl-DB_File +%endif +%endif +Requires: perl-Archive-Tar +%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9 +Requires: perl-debugger +Requires: perl-sigtrap +%endif # Needed for password dictionary checks Requires: cracklib-dicts - -# This picks up libperl.so as a Requires, so we add this versioned one -Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) -Requires: perl-Errno >= 1.23-360 - -# Needed by logconv.pl -Requires: perl-DB_File -Requires: perl-Archive-Tar - +Requires: json-c +# Log compression +Requires: zlib-devel +# logconv.py, MIME type +Requires: python3-file-magic # Picks up our systemd deps. %{?systemd_requires} -Obsoletes: %{name} <= 1.3.5.4 - -Source0: https://releases.pagure.org/389-ds-base/%{name}-%{version}%{?prerel}.tar.bz2 -# 389-ds-git.sh should be used to generate the source tarball from git -Source1: %{name}-git.sh +Source0: https://github.com/389ds/%{name}/releases/download/%{name}-%{version}/%{name}-%{version}.tar.bz2 Source2: %{name}-devel.README -%if %{bundle_jemalloc} +%if %{with bundle_jemalloc} Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2 +Source6: jemalloc-5.3.0_throw_bad_alloc.patch %endif +Source4: 389-ds-base.sysusers +%if %{with bundle_libdb} +Source5: https://fedorapeople.org/groups/389ds/libdb-5.3.28-59.tar.bz2 +%endif + +Patch: 0001-Issue-7096-During-replication-online-total-init-the-.patch +Patch: 0002-Issue-Revise-paged-result-search-locking.patch +Patch: 0003-Issue-7108-Fix-shutdown-crash-in-entry-cache-destruc.patch +Patch: 0004-Issue-7172-Index-ordering-mismatch-after-upgrade-717.patch +Patch: 0005-Issue-7172-2nd-Index-ordering-mismatch-after-upgrade.patch %description 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. -%if %{use_asan} +%if %{with asan} WARNING! This build is linked to Address Sanitisation libraries. This probably isn't what you want. Please contact support immediately. Please see http://seclists.org/oss-sec/2016/q1/363 for more information. %endif +%if %{with libbdb_ro} +%package robdb-libs +Summary: Read-only Berkeley Database Library +License: GPL-2.0-or-later OR LGPL-2.1-or-later + +%description robdb-libs +The %{name}-robdb-lib package contains a library derived from rpm +project (https://github.com/rpm-software-management/rpm) that provides +some basic functions to search and read Berkeley Database records +%endif + + %package libs -Summary: Core libraries for 389 Directory Server -BuildRequires: nspr-devel -BuildRequires: nss-devel >= 3.34 -BuildRequires: openldap-devel -BuildRequires: libdb-devel -BuildRequires: cyrus-sasl-devel -BuildRequires: libicu-devel -BuildRequires: pcre-devel -BuildRequires: libtalloc-devel -BuildRequires: libevent-devel -BuildRequires: libtevent-devel -Requires: krb5-libs -Requires: libevent -BuildRequires: systemd-devel +Summary: Core libraries for 389 Directory Server (%{variant}) Provides: svrcore = 4.1.4 -Conflicts: svrcore Obsoletes: svrcore <= 4.1.3 +Conflicts: svrcore +%dirsrv_requires_ge nss +Requires: nspr +Requires: openldap +Requires: systemd-libs +# Pull in sasl +Requires: cyrus-sasl-lib +# KRB +Requires: krb5-libs +%if %{with clang} +Requires: llvm +Requires: compiler-rt +%else +%if %{with asan} +Requires: libasan +%endif +%if %{with tsan} +Requires: libtsan +%endif +%if %{with ubsan} +Requires: libubsan +%endif +%endif %description libs Core libraries for the 389 Directory Server base package. These libraries are used by the main package and the -devel package. This allows the -devel package to be installed with just the -libs package and without the main package. -%package legacy-tools -Summary: Legacy utilities for 389 Directory Server (%{variant}) -Obsoletes: %{name} <= 1.4.0.9 -Requires: 389-ds-base-libs = %{version}-%{release} -%if %{use_perl} -# for setup-ds.pl to support ipv6 -%if %{use_Socket6} -Requires: perl-Socket6 -%else -Requires: perl-Socket -%endif -Requires: perl-NetAddr-IP -# use_openldap assumes perl-Mozilla-LDAP is built with openldap support -Requires: perl-Mozilla-LDAP -# for setup-ds.pl -Requires: bind-utils -%{?perl_default_filter} -%endif -# End use perl - -%description legacy-tools -Legacy (and deprecated) utilities for 389 Directory Server. This includes -the old account management and task scripts. These are deprecated in favour of -the dscreate, dsctl, dsconf and dsidm tools. - %package devel -Summary: Development libraries for 389 Directory Server +Summary: Development libraries for 389 Directory Server (%{variant}) +Provides: svrcore-devel = 4.1.4 +Obsoletes: svrcore-devel <= 4.1.3 +Conflicts: svrcore-devel Requires: %{name}-libs = %{version}-%{release} Requires: pkgconfig Requires: nspr-devel Requires: nss-devel >= 3.34 Requires: openldap-devel -Requires: libtalloc -Requires: libevent -Requires: libtevent +# systemd-libs contains the headers iirc. Requires: systemd-libs -Provides: svrcore-devel = 4.1.4 -Conflicts: svrcore-devel -Obsoletes: svrcore-devel <= 4.1.3 %description devel Development Libraries and headers for the 389 Directory Server base package. @@ -257,162 +596,279 @@ Obsoletes: %{name} <= 1.4.0.0 %description snmp SNMP Agent for the 389 Directory Server base package. +%if %{with bundle_libdb} +%package bdb +Summary: Berkeley Database backend for 389 Directory Server +%description bdb +Berkeley Database backend for 389 Directory Server +Warning! This backend is deprecated in favor of lmdb and its support +may be removed in future versions. + +Requires: %{name} = %{version}-%{release} +# Berkeley DB database libdb was marked as deprecated since F40: +# https://fedoraproject.org/wiki/Changes/389_Directory_Server_3.0.0 +# because libdb was marked as deprecated since F33 +# https://fedoraproject.org/wiki/Changes/Libdb_deprecated +Provides: deprecated() +%endif + + %package -n python%{python3_pkgversion}-lib389 Summary: A library for accessing, testing, and configuring the 389 Directory Server BuildArch: noarch +Requires: %{name} = %{version}-%{release} Requires: openssl +# This is for /usr/bin/c_rehash tool, only needed for openssl < 1.1.0 +Requires: openssl-perl Requires: iproute -Requires: python%{python3_pkgversion} -Requires: python%{python3_pkgversion}-pytest -Requires: python%{python3_pkgversion}-ldap -Requires: python%{python3_pkgversion}-six -Requires: python%{python3_pkgversion}-pyasn1 -Requires: python%{python3_pkgversion}-pyasn1-modules -Requires: python%{python3_pkgversion}-dateutil -Requires: python%{python3_pkgversion}-argcomplete Requires: python%{python3_pkgversion}-libselinux -%{?python_provide:%python_provide python%{python3_pkgversion}-lib389} +Recommends: bash-completion %description -n python%{python3_pkgversion}-lib389 This module contains tools and libraries for accessing, testing, and configuring the 389 Directory Server. +%if %{with cockpit} %package -n cockpit-389-ds Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server BuildArch: noarch Requires: cockpit +Requires: %{name} = %{version}-%{release} Requires: python%{python3_pkgversion} -Requires: python%{python3_pkgversion}-lib389 +Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release} %description -n cockpit-389-ds A cockpit UI Plugin for configuring and administering the 389 Directory Server +%endif + +%generate_buildrequires +cd src/lib389 +# Tests do not run in %%check (lib389's tests need to be fixed) +# but test dependencies are needed to check import lib389.topologies +%pyproject_buildrequires -g test %prep -%setup -q -n %{name}-%{version}%{?prerel} +%autosetup -S git -p1 -n %{name}-%{version} -%if %{bundle_jemalloc} -%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3 +%if %{with bundle_jemalloc} +%setup -q -n %{name}-%{version} -T -D -b 3 +%endif + +%if %{with bundle_libdb} +%setup -q -n %{name}-%{version} -T -D -b 5 %endif cp %{SOURCE2} README.devel %build +# Workaround until https://github.com/389ds/389-ds-base/issues/6476 is fixed +export CFLAGS="%{optflags} -std=gnu17" -OPENLDAP_FLAG="--with-openldap" -%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} -# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529 -NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3" - -%if %{use_asan} -ASAN_FLAGS="--enable-asan --enable-debug" -%endif - -%if %{use_rust} -RUST_FLAGS="--enable-rust" -%endif - -%if !%{use_perl} -PERL_FLAGS="--disable-perl" -%endif - -%if %{use_clang} -export CC=clang -export CXX=clang++ +%if %{with clang} CLANG_FLAGS="--enable-clang" %endif -%if %{bundle_jemalloc} +%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} + +%if %{with asan} +ASAN_FLAGS="--enable-asan --enable-debug" +%endif + +%if %{with msan} +MSAN_FLAGS="--enable-msan --enable-debug" +%endif + +%if %{with tsan} +TSAN_FLAGS="--enable-tsan --enable-debug" +%endif + +%if %{with ubsan} +UBSAN_FLAGS="--enable-ubsan --enable-debug" +%endif + +RUST_FLAGS="--enable-rust --enable-rust-offline" + +%if %{without cockpit} +COCKPIT_FLAGS="--disable-cockpit" +%endif + +%if %{with bundle_jemalloc} +# Override page size, bz #1545539 +# 4K +%ifarch %ix86 %arm x86_64 s390x +%define lg_page --with-lg-page=12 +%endif + +# 64K +%ifarch ppc64 ppc64le aarch64 +%define lg_page --with-lg-page=16 +%endif + +# Override huge page size on aarch64 +# 2M instead of 512M +%ifarch aarch64 +%define lg_hugepage --with-lg-hugepage=21 +%endif + # Build jemalloc pushd ../%{jemalloc_name}-%{jemalloc_ver} +patch -p1 -F3 < %{SOURCE6} %configure \ --libdir=%{_libdir}/%{pkgname}/lib \ - --bindir=%{_libdir}/%{pkgname}/bin -make + --bindir=%{_libdir}/%{pkgname}/bin \ + --enable-prof %{lg_page} %{lg_hugepage} +%make_build popd %endif -# Enforce strict linking -%define _strict_symbol_defs_build 1 +# Build custom libdb package +%if %{with bundle_libdb} +mkdir -p ../%{libdb_base_version} +pushd ../%{libdb_base_version} +tar -xjf %{_topdir}/SOURCES/%{libdb_full_version}.tar.bz2 +mv %{libdb_full_version} SOURCES +sed -i -e '/^CFLAGS=/s/-fno-strict-aliasing/& -std=gnu99/' %{_builddir}/%{name}-%{version}/rpm/bundle-libdb.spec +rpmbuild --define "_topdir $PWD" -bc %{_builddir}/%{name}-%{version}/rpm/bundle-libdb.spec +popd +%endif # Rebuild the autotool artifacts now. autoreconf -fiv -%configure --enable-autobind --with-selinux $TMPFILES_FLAG \ +%configure \ +%if %{with libbdb_ro} + --with-libbdb-ro \ +%else + --without-libbdb-ro \ +%endif +%if %{with bundle_libdb} + --with-bundle-libdb=%{_builddir}/%{libdb_base_version}/BUILD/%{libdb_base_dir}/dist/dist-tls \ +%endif + --with-selinux $TMPFILES_FLAG \ --with-systemd \ --with-systemdsystemunitdir=%{_unitdir} \ --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ - --with-systemdgroupname=%{groupname} \ + --with-systemdgroupname=%{groupname} \ --libexecdir=%{_libexecdir}/%{pkgname} \ - $NSSARGS $ASAN_FLAGS $RUST_FLAGS $PERL_FLAGS $CLANG_FLAGS \ - --enable-cmocka \ - --enable-perl + $ASAN_FLAGS $MSAN_FLAGS $TSAN_FLAGS $UBSAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \ +%if 0%{?fedora} >= 34 || 0%{?rhel} >= 9 + --with-libldap-r=no \ +%endif + --enable-cmocka +# Avoid "Unknown key name 'XXX' in section 'Service', ignoring." warnings from systemd on older releases +%if 0%{?rhel} && 0%{?rhel} < 9 + sed -r -i '/^(Protect(Home|Hostname|KernelLogs)|PrivateMounts)=/d' %{_builddir}/%{name}-%{version}/wrappers/*.service.in +%endif # lib389 pushd ./src/lib389 -%py3_build +%{python3} validate_version.py --update +%pyproject_wheel popd -# argparse-manpage dynamic man pages have hardcoded man v1 in header, -# need to change it to v8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsconf.8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsctl.8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsidm.8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dscreate.8 # Generate symbolic info for debuggers export XCFLAGS=$RPM_OPT_FLAGS -#make %{?_smp_mflags} -make +%make_build %install mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir} +%if %{with cockpit} mkdir -p %{buildroot}%{_datadir}/cockpit -make DESTDIR="$RPM_BUILD_ROOT" install - -# Cockpit branding, and directory and file list -%if 0%{?rhel} > 7 -mv -f %{buildroot}%{_datadir}/cockpit/389-console/rhds-banner.html %{buildroot}%{_datadir}/cockpit/389-console/banner.html %endif +%make_install + +%if %{with cockpit} find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list +%endif + +find %{buildroot}%{_libdir}/%{pkgname}/plugins/ -type f -iname 'lib*.so' | sed -e "s@%{buildroot}@@" > plugins.list +%if %{with bundle_libdb} +sed -i -e "/libback-bdb/d" plugins.list +%endif # Copy in our docs from doxygen. -cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3 +cp -r %{_builddir}/%{name}-%{version}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3 # lib389 pushd src/lib389 -%py3_install +%pyproject_install +%pyproject_save_files -l lib389 popd +# Register CLI tools for bash completion +for clitool in dsconf dsctl dsidm dscreate ds-replcheck +do + register-python-argcomplete "${clitool}" > "${clitool}" + install -p -m 0644 -D -t '%{buildroot}%{bash_completions_dir}' "${clitool}" +done + mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname} mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname} -mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname} +mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname} \ + && chmod 770 $RPM_BUILD_ROOT/var/lock/%{pkgname} # for systemd mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants +install -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/389-ds-base.conf -#remove libtool archives and static libs -find %{buildroot} -type f -name "*.la" -delete -find %{buildroot} -type f -name "*.a" -delete +#remove libtool and static libs +rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a +rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la +rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a +rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la +rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.a +rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.la -%if %{use_perl} -# make sure perl scripts have a proper shebang -sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/script-templates/template-*.pl -%endif - -%if %{bundle_jemalloc} +%if %{with bundle_jemalloc} pushd ../%{jemalloc_name}-%{jemalloc_ver} make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin -cp -pa COPYING ../%{name}-%{version}%{?prerel}/COPYING.jemalloc -cp -pa README ../%{name}-%{version}%{?prerel}/README.jemalloc +cp -pa COPYING ../%{name}-%{version}/COPYING.jemalloc +cp -pa README ../%{name}-%{version}/README.jemalloc +popd +%endif + +%if %{with bundle_libdb} +pushd ../%{libdb_base_version} +libdbbuilddir=$PWD/BUILD/%{libdb_base_dir} +libdbdestdir=$PWD/../%{name}-%{version} +cp -pa $libdbbuilddir/LICENSE $libdbdestdir/LICENSE.libdb +cp -pa $libdbbuilddir/README $libdbdestdir/README.libdb +cp -pa $libdbbuilddir/lgpl-2.1.txt $libdbdestdir/lgpl-2.1.txt.libdb +cp -pa $libdbbuilddir/dist/dist-tls/.libs/%{libdb_bundle_name} $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/%{libdb_bundle_name} +popd +%endif + +%if %{with libbdb_ro} +pushd lib/librobdb +cp -pa COPYING %{_builddir}/%{name}-%{version}/COPYING.librobdb +cp -pa COPYING.RPM %{_builddir}/%{name}-%{version}/COPYING.RPM +install -m 0755 -d %{buildroot}/%{_libdir} +install -m 0755 -d %{buildroot}/%{_docdir}/%{name}-robdb-libs +install -m 0755 -d %{buildroot}/%{_licensedir}/%{name} +install -m 0755 -d %{buildroot}/%{_licensedir}/%{name}-robdb-libs +install -m 0644 $PWD/README.md %{buildroot}/%{_docdir}/%{name}-robdb-libs/README.md +install -m 0644 $PWD/COPYING %{buildroot}/%{_licensedir}/%{name}-robdb-libs/COPYING +install -m 0644 $PWD/COPYING.RPM %{buildroot}/%{_licensedir}/%{name}-robdb-libs/COPYING.RPM +install -m 0644 $PWD/COPYING %{buildroot}/%{_licensedir}/%{name}/COPYING.librobdb +install -m 0644 $PWD/COPYING.RPM %{buildroot}/%{_licensedir}/%{name}/COPYING.RPM popd %endif %check # This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build. +%if %{with tsan} +export TSAN_OPTIONS=print_stacktrace=1:second_deadlock_stack=1:history_size=7 +%endif +%if %{without asan} && %{without msan} if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi +%endif + +# Check import for lib389 modules +%pyproject_check_import -e '*.test*' %post if [ -n "$DEBUGPOSTTRANS" ] ; then @@ -422,29 +878,48 @@ else output=/dev/null output2=/dev/null fi + # reload to pick up any changes to systemd files /bin/systemctl daemon-reload >$output 2>&1 || : -# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation -# Soft static allocation for UID and GID -USERNAME="dirsrv" -ALLOCATED_UID=389 -GROUPNAME="dirsrv" -ALLOCATED_GID=389 -HOMEDIR="/usr/share/dirsrv" - -getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME -if ! getent passwd $USERNAME >/dev/null ; then - if ! getent passwd $ALLOCATED_UID >/dev/null ; then - /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME - else - /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME - fi -fi - # Reload our sysctl before we restart (if we can) sysctl --system &> $output; true +# Gather the running instances so we can restart them +instbase="%{_sysconfdir}/%{pkgname}" +ninst=0 +for dir in $instbase/slapd-* ; do + echo dir = $dir >> $output 2>&1 || : + if [ ! -d "$dir" ] ; then continue ; fi + case "$dir" in *.removed) continue ;; esac + basename=`basename $dir` + inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`" + echo found instance $inst - getting status >> $output 2>&1 || : + if /bin/systemctl -q is-active $inst ; then + echo instance $inst is running >> $output 2>&1 || : + instances="$instances $inst" + else + echo instance $inst is not running >> $output 2>&1 || : + fi + ninst=`expr $ninst + 1` +done +if [ $ninst -eq 0 ] ; then + echo no instances to upgrade >> $output 2>&1 || : + exit 0 # have no instances to upgrade - just skip the rest +else + # restart running instances + echo shutting down all instances . . . >> $output 2>&1 || : + for inst in $instances ; do + echo stopping instance $inst >> $output 2>&1 || : + /bin/systemctl stop $inst >> $output 2>&1 || : + done + for inst in $instances ; do + echo starting instance $inst >> $output 2>&1 || : + /bin/systemctl start $inst >> $output 2>&1 || : + done +fi + + %preun if [ $1 -eq 0 ]; then # Final removal # remove instance specific service files/links @@ -465,74 +940,10 @@ fi %postun snmp %systemd_postun_with_restart %{pkgname}-snmp.service -%post legacy-tools - -%if %{use_perl} -# START UPGRADE SCRIPT - -if [ -n "$DEBUGPOSTTRANS" ] ; then - output=$DEBUGPOSTTRANS - output2=${DEBUGPOSTTRANS}.upgrade -else - output=/dev/null - output2=/dev/null -fi - -# find all instances -instances="" # instances that require a restart after upgrade -ninst=0 # number of instances found in total - -echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || : -instbase="%{_sysconfdir}/%{pkgname}" -for dir in $instbase/slapd-* ; do - echo dir = $dir >> $output 2>&1 || : - if [ ! -d "$dir" ] ; then continue ; fi - case "$dir" in *.removed) continue ;; esac - basename=`basename $dir` - inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`" - echo found instance $inst - getting status >> $output 2>&1 || : - if /bin/systemctl -q is-active $inst ; then - echo instance $inst is running >> $output 2>&1 || : - instances="$instances $inst" - else - echo instance $inst is not running >> $output 2>&1 || : - fi - ninst=`expr $ninst + 1` -done -if [ $ninst -eq 0 ] ; then - echo no instances to upgrade >> $output 2>&1 || : - exit 0 # have no instances to upgrade - just skip the rest -fi -# shutdown all instances -echo shutting down all instances . . . >> $output 2>&1 || : -for inst in $instances ; do - echo stopping instance $inst >> $output 2>&1 || : - /bin/systemctl stop $inst >> $output 2>&1 || : -done -echo remove pid files . . . >> $output 2>&1 || : -/bin/rm -f /var/run/%{pkgname}*.pid /var/run/%{pkgname}*.startpid -# do the upgrade -echo upgrading instances . . . >> $output 2>&1 || : -DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"` -if [ -n "$DEBUGPOSTSETUPOPT" ] ; then - %{_sbindir}/setup-ds.pl -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || : -else - %{_sbindir}/setup-ds.pl -u -s General.UpdateMode=offline >> $output 2>&1 || : -fi - -# restart instances that require it -for inst in $instances ; do - echo restarting instance $inst >> $output 2>&1 || : - /bin/systemctl start $inst >> $output 2>&1 || : -done -#END UPGRADE -%endif - exit 0 - -%files -%if %{bundle_jemalloc} +%files -f plugins.list +%if %{with bundle_jemalloc} %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc %license COPYING.jemalloc %else @@ -543,50 +954,33 @@ exit 0 %config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif %dir %{_sysconfdir}/%{pkgname}/config %dir %{_sysconfdir}/systemd/system/%{groupname}.wants +%{_sysusersdir}/389-ds-base.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf %{_datadir}/%{pkgname} -%exclude %{_datadir}/%{pkgname}/script-templates -%exclude %{_datadir}/%{pkgname}/updates -%exclude %{_datadir}/%{pkgname}/properties/*.res %{_datadir}/gdb/auto-load/* %{_unitdir} %{_bindir}/dbscan %{_mandir}/man1/dbscan.1.gz %{_bindir}/ds-replcheck %{_mandir}/man1/ds-replcheck.1.gz +%{bash_completions_dir}/ds-replcheck %{_bindir}/ds-logpipe.py %{_mandir}/man1/ds-logpipe.py.1.gz %{_bindir}/ldclt %{_mandir}/man1/ldclt.1.gz -%{_sbindir}/ldif2ldap -%{_mandir}/man8/ldif2ldap.8.gz %{_bindir}/logconv.pl %{_mandir}/man1/logconv.pl.1.gz +%{_bindir}/logconv.py +%{_mandir}/man1/logconv.py.1.gz %{_bindir}/pwdhash %{_mandir}/man1/pwdhash.1.gz -%{_bindir}/readnsstate -%{_mandir}/man1/readnsstate.1.gz -#%caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd %{_sbindir}/ns-slapd %{_mandir}/man8/ns-slapd.8.gz +%{_sbindir}/openldap_to_ds +%{_mandir}/man8/openldap_to_ds.8.gz %{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl -%{_sbindir}/bak2db -%{_mandir}/man8/bak2db.8.gz -%{_sbindir}/db2bak -%{_mandir}/man8/db2bak.8.gz -%{_sbindir}/db2index -%{_mandir}/man8/db2index.8.gz -%{_sbindir}/db2ldif -%{_mandir}/man8/db2ldif.8.gz -%{_sbindir}/dbverify -%{_mandir}/man8/dbverify.8.gz -%{_sbindir}/ldif2db -%{_mandir}/man8/ldif2db.8.gz -%{_sbindir}/upgradedb -%{_mandir}/man8/upgradedb.8.gz -%{_sbindir}/vlvindex -%{_mandir}/man8/vlvindex.8.gz +%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh %{_mandir}/man5/99user.ldif.5.gz %{_mandir}/man5/certmap.conf.5.gz %{_mandir}/man5/slapd-collations.conf.5.gz @@ -594,7 +988,6 @@ exit 0 %{_mandir}/man5/dirsrv.systemd.5.gz %{_libdir}/%{pkgname}/python %dir %{_libdir}/%{pkgname}/plugins -%{_libdir}/%{pkgname}/plugins/*.so # This has to be hardcoded to /lib - $libdir changes between lib/lib64, but # sysctl.d is always in /lib. %{_prefix}/lib/sysctl.d/* @@ -604,7 +997,7 @@ exit 0 %exclude %{_sbindir}/ldap-agent* %exclude %{_mandir}/man1/ldap-agent.1.gz %exclude %{_unitdir}/%{pkgname}-snmp.service -%if %{bundle_jemalloc} +%if %{with bundle_jemalloc} %{_libdir}/%{pkgname}/lib/ %{_libdir}/%{pkgname}/bin/ %exclude %{_libdir}/%{pkgname}/bin/jemalloc-config @@ -614,6 +1007,9 @@ exit 0 %exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a %exclude %{_libdir}/%{pkgname}/lib/pkgconfig %endif +%if %{with libbdb_ro} +%exclude %{_libdir}/%{pkgname}/librobdb.so +%endif %files devel %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel @@ -623,122 +1019,21 @@ exit 0 %{_libdir}/libsvrcore.so %{_libdir}/%{pkgname}/libslapd.so %{_libdir}/%{pkgname}/libns-dshttpd.so -%{_libdir}/%{pkgname}/libnunc-stans.so -%{_libdir}/%{pkgname}/libsds.so %{_libdir}/%{pkgname}/libldaputil.so %{_libdir}/pkgconfig/svrcore.pc %{_libdir}/pkgconfig/dirsrv.pc -%{_libdir}/pkgconfig/libsds.pc -%{_libdir}/pkgconfig/nunc-stans.pc %files libs %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %dir %{_libdir}/%{pkgname} %{_libdir}/libsvrcore.so.* %{_libdir}/%{pkgname}/libslapd.so.* -%{_libdir}/%{pkgname}/libns-dshttpd-*.so -%{_libdir}/%{pkgname}/libnunc-stans.so.* -%{_libdir}/%{pkgname}/libsds.so.* +%{_libdir}/%{pkgname}/libns-dshttpd.so.* %{_libdir}/%{pkgname}/libldaputil.so.* -%if %{bundle_jemalloc} +%{_libdir}/%{pkgname}/librewriters.so* +%if %{with bundle_jemalloc} %{_libdir}/%{pkgname}/lib/libjemalloc.so.2 %endif -%if %{use_rust} -%{_libdir}/%{pkgname}/librsds.so -%endif - -%files legacy-tools -%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel -%{_bindir}/infadd -%{_mandir}/man1/infadd.1.gz -%{_bindir}/ldif -%{_mandir}/man1/ldif.1.gz -%{_bindir}/migratecred -%{_mandir}/man1/migratecred.1.gz -%{_bindir}/mmldif -%{_mandir}/man1/mmldif.1.gz -%{_bindir}/rsearch -%{_mandir}/man1/rsearch.1.gz -%{_sbindir}/monitor -%{_mandir}/man8/monitor.8.gz -%{_sbindir}/dbmon.sh -%{_mandir}/man8/dbmon.sh.8.gz -%{_sbindir}/dn2rdn -%{_mandir}/man8/dn2rdn.8.gz -%{_sbindir}/restoreconfig -%{_mandir}/man8/restoreconfig.8.gz -%{_sbindir}/saveconfig -%{_mandir}/man8/saveconfig.8.gz -%{_sbindir}/suffix2instance -%{_mandir}/man8/suffix2instance.8.gz -%{_sbindir}/upgradednformat -%{_mandir}/man8/upgradednformat.8.gz -%{_libexecdir}/%{pkgname}/ds_selinux_enabled -%{_libexecdir}/%{pkgname}/ds_selinux_port_query -%{_sbindir}/restart-dirsrv -%{_mandir}/man8/restart-dirsrv.8.gz -%{_sbindir}/start-dirsrv -%{_mandir}/man8/start-dirsrv.8.gz -%{_sbindir}/status-dirsrv -%{_mandir}/man8/status-dirsrv.8.gz -%{_sbindir}/stop-dirsrv -%{_mandir}/man8/stop-dirsrv.8.gz -%if %{use_perl} -%config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig -%{_mandir}/man5/template-initconfig.5.gz -%{_datadir}/%{pkgname}/properties/*.res -%{_datadir}/%{pkgname}/script-templates -%{_datadir}/%{pkgname}/updates -%{_mandir}/man1/dbgen.pl.1.gz -%{_bindir}/repl-monitor -%{_mandir}/man1/repl-monitor.1.gz -%{_bindir}/repl-monitor.pl -%{_mandir}/man1/repl-monitor.pl.1.gz -%{_bindir}/cl-dump -%{_mandir}/man1/cl-dump.1.gz -%{_bindir}/cl-dump.pl -%{_mandir}/man1/cl-dump.pl.1.gz -%{_bindir}/dbgen.pl -%{_mandir}/man8/bak2db.pl.8.gz -%{_sbindir}/bak2db.pl -%{_sbindir}/cleanallruv.pl -%{_mandir}/man8/cleanallruv.pl.8.gz -%{_sbindir}/db2bak.pl -%{_mandir}/man8/db2bak.pl.8.gz -%{_sbindir}/db2index.pl -%{_mandir}/man8/db2index.pl.8.gz -%{_sbindir}/db2ldif.pl -%{_mandir}/man8/db2ldif.pl.8.gz -%{_sbindir}/fixup-linkedattrs.pl -%{_mandir}/man8/fixup-linkedattrs.pl.8.gz -%{_sbindir}/fixup-memberof.pl -%{_mandir}/man8/fixup-memberof.pl.8.gz -%{_sbindir}/ldif2db.pl -%{_mandir}/man8/ldif2db.pl.8.gz -%{_sbindir}/migrate-ds.pl -%{_mandir}/man8/migrate-ds.pl.8.gz -%{_sbindir}/ns-accountstatus.pl -%{_mandir}/man8/ns-accountstatus.pl.8.gz -%{_sbindir}/ns-activate.pl -%{_mandir}/man8/ns-activate.pl.8.gz -%{_sbindir}/ns-inactivate.pl -%{_mandir}/man8/ns-inactivate.pl.8.gz -%{_sbindir}/ns-newpwpolicy.pl -%{_mandir}/man8/ns-newpwpolicy.pl.8.gz -%{_sbindir}/remove-ds.pl -%{_mandir}/man8/remove-ds.pl.8.gz -%{_sbindir}/schema-reload.pl -%{_mandir}/man8/schema-reload.pl.8.gz -%{_sbindir}/setup-ds.pl -%{_mandir}/man8/setup-ds.pl.8.gz -%{_sbindir}/syntax-validate.pl -%{_mandir}/man8/syntax-validate.pl.8.gz -%{_sbindir}/usn-tombstone-cleanup.pl -%{_mandir}/man8/usn-tombstone-cleanup.pl.8.gz -%{_sbindir}/verify-db.pl -%{_mandir}/man8/verify-db.pl.8.gz -%{_libdir}/%{pkgname}/perl -%endif %files snmp %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel @@ -747,4125 +1042,52 @@ exit 0 %{_mandir}/man1/ldap-agent.1.gz %{_unitdir}/%{pkgname}-snmp.service -%files -n python%{python3_pkgversion}-lib389 -%doc LICENSE LICENSE.GPLv3+ -%{python3_sitelib}/lib389* -%{_sbindir}/dsconf -%{_mandir}/man8/dsconf.8.gz -%{_sbindir}/dscreate -%{_mandir}/man8/dscreate.8.gz -%{_sbindir}/dsctl -%{_mandir}/man8/dsctl.8.gz -%{_sbindir}/dsidm -%{_mandir}/man8/dsidm.8.gz -%{_sbindir}/dscontainer +%if %{with bundle_libdb} +%files bdb +%doc LICENSE LICENSE.GPLv3+ README.devel LICENSE.libdb README.libdb lgpl-2.1.txt.libdb +%{_libdir}/%{pkgname}/%{libdb_bundle_name} +%{_libdir}/%{pkgname}/plugins/libback-bdb.so +%endif +%files -n python%{python3_pkgversion}-lib389 -f %{pyproject_files} +%doc src/lib389/README.md +%license LICENSE LICENSE.GPLv3+ +# Binaries +%{_bindir}/dsconf +%{_bindir}/dscreate +%{_bindir}/dsctl +%{_bindir}/dsidm +%{_bindir}/openldap_to_ds +%{_libexecdir}/%{pkgname}/dscontainer +# Man pages +%{_mandir}/man8/dsconf.8.gz +%{_mandir}/man8/dscreate.8.gz +%{_mandir}/man8/dsctl.8.gz +%{_mandir}/man8/dsidm.8.gz +%{_mandir}/man8/openldap_to_ds.8.gz +%exclude %{_mandir}/man1 +# Bash completions for scripts provided by python3-lib389 +%{bash_completions_dir}/dsctl +%{bash_completions_dir}/dsconf +%{bash_completions_dir}/dscreate +%{bash_completions_dir}/dsidm + +%if %{with cockpit} %files -n cockpit-389-ds -f cockpit.list %{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml %doc README.md +%endif + +%if %{with libbdb_ro} +%files robdb-libs +%license COPYING.librobdb COPYING.RPM +%doc %{_defaultdocdir}/%{name}-robdb-libs/README.md +%{_libdir}/%{pkgname}/librobdb.so +%{_licensedir}/%{name}-robdb-libs/COPYING +%{_licensedir}/%{name}/COPYING.RPM +%{_licensedir}/%{name}/COPYING.librobdb + +%endif %changelog -* Wed Jul 24 2019 Fedora Release Engineering - 1.4.1.6-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Fri Jul 19 2019 Mark Reynolds - 1.4.1.6-1 -- Bump version to 1.4.1.6 -- Issue 50355 - SSL version min and max not correctly applied -- Issue 50497 - Port cl-dump.pl tool to Python using lib389 -- Issue 48851 - investigate and port TET matching rules filter tests(Final) -- Issue 50417 - fix regression from previous commit -- Issue 50425 - Add jemalloc LD_PRELOAD to systemd drop-in file -- Issue 50325 - Add Security tab to UI -- Issue 49789 - By default, do not manage unhashed password -- Issue 49421 - Implement password hash upgrade on bind. -- Issue 49421 - on bind password upgrade proof of concept -- Issue 50493 - connection_is_free to trylock -- Issue 50459 - Correct issue with allocation state -- Issue 50499 - Fix audit issues and remove jquery from the whitelist -- Issue 50459 - c_mutex to use pthread_mutex to allow ns sharing -- Issue 50484 - Add a release build dockerfile and dscontainer improvements -- Issue 50486 - Update jemalloc to 5.2.0 - -* Mon Jul 8 2019 Mark Reynolds - 1.4.1.5-1 -- Bump version to 1.4.1.5 -- Issue 50431 - Fix regression from coverity fix (crash in memberOf plugin) -- Issue 49239 - Add a new CI test case -- Issue 49997 - Add a new CI test case -- Issue 50177 - Add a new CI test case, also added fixes in lib389 -- Issue 49761 - Fix CI test suite issues -- Issue 50474 - Unify result codes for add and modify of repl5 config -- Issue 50472 - memory leak with encryption -- Issue 50462 - Fix Root DN access control plugin CI tests -- Issue 50462 - Fix CI tests -- Issue 50217 - Implement dsconf security section -- Issue 48851 - Add more test cases to the match test suite. -- Issue 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients -- Issue 50439 - fix waitpid issue when pid does not exist -- Issue 50454 - Fix Cockpit UI branding -- Issue 48851 - investigate and port TET matching rules filter tests(index) -- Issue 49232 - Truncate the message when buffer capacity is exceeded - -* Tue Jun 18 2019 Mark Reynolds - 1.4.1.4-1 -- Bump version to 1.4.1.4 -- Issue 49361 - Use IPv6 friendly network functions -- Issue 48851 - Investigate and port TET matching rules filter tests(bug772777) -- Issue 50446 - NameError: name 'ds_is_older' is not defined -- Issue 49602 - Revise replication status messages -- Issue 50439 - Update docker integration to work out of source directory -- Issue 50037 - revert path changes as it breaks prefix/rpm builds -- Issue 50431 - Fix regression from coverity fix -- Issue 50370 - CleanAllRUV task crashing during server shutdown -- Issue 48851 - investigate and port TET matching rules filter tests(match) -- Issue 50417 - Fix missing quote in some legacy tools -- Issue 50431 - Fix covscan warnings -- Revert "Issue 49960 - Core schema contains strings instead of numer oids" -- Issue 50426 - nsSSL3Ciphers is limited to 1024 characters -- Issue 50052 - Fix rpm.mk according to audit-ci change -- Issue 50365 - PIDFile= references path below legacy directory /var/run/ -- Issue 50428 - Log the actual base DN when the search fails with "invalid attribute request" -- Issue 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to TLS -- Issue 50417 - Revise legacy tool scripts to work with new systemd changes -- Issue 48851 - Add more search filters to vfilter_simple test suite -- Issue 49761 - Fix CI test suite issues -- Issue 49875 - Move SystemD service config to a drop-in file -- Issue 50413 - ds-replcheck - Always display the Result Summary -- Issue 50052 - Add package-lock.json and use "npm ci" -- Issue 48851 - investigate and port TET matching rules filter tests(vfilter simple) -- Issue 50355 - NSS can change the requested SSL min and max versions -- Issue 48851 - investigate and port TET matching rules filter tests(vfilter_ld) -- Issue 50390 - Add Managed Entries Plug-in Config Entry schema -- Issue 49730 - Remove unused Mozilla ldapsdk variables - -* Fri May 31 2019 Jitka Plesnikova - 1.4.1.3-1.1 -- Perl 5.30 rebuild - -* Fri May 24 2019 Mark Reynolds - 1.4.1.3-1 -- Bump version to 1.4.1.3 -- Issue 49761 - Fix CI test suite issues -- Issue 50041 - Add the rest UI Plugin tabs - Part 2 -- Issue 50340 - 2nd try - structs for diabled plugins will not be freed -- Issue 50403 - Instance creation fails on 1.3.9 using perl utils and latest lib389 -- Issue 50389 - ns-slapd craches while two threads are polling the same connection -- Issue 48851 - investigate and port TET matching rules filter tests(scanlimit) -- Issue 50037 - lib389 fails to install in venv under non-root user -- Issue 50112 - Port ACI test suit from TET to python3(userattr) -- Issue 50393 - maxlogsperdir accepting negative values -- Issue 50112 - Port ACI test suit from TET to python3(roledn) -- Issue 49960 - Core schema contains strings instead of numer oids -- Issue 50396 - Crash in PAM plugin when user does not exist -- Issue 50387 - enable_tls() should label ports with ldap_port_t -- Issue 50390 - Add Managed Entries Plug-in Config Entry schema -- Issue 50306 - Fix regression with maxbersize -- Issue 50384 - Missing dependency: cracklib-dicts -- Issue 49029 - [RFE] improve internal operations logging -- Issue 49761 - Fix CI test suite issues -- Issue 50374 - dsdim posixgroup create fails with ERROR -- Issue 50251 - clear text passwords visable in CLI verbose mode logging -- Issue 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients -- Issue 48851 - investigate and port TET matching rules filter tests -- Issue 50220 - attr_encryption test suite failing -- Issue 50370 - CleanAllRUV task crashing during server shutdown -- Issue 50340 - structs for disabled plugins will not be freed -- Issue 50164 - Add test for dscreate to basic test suite -- Issue 50363 - ds-replcheck incorrectly reports error out of order multi-valued attributes -- Issue 49730 - MozLDAP bindings have been unsupported for a while -- Issue 50353 - Categorize tests by tiers -- Issue 50303 - Add creation date to task data -- Issue 50358 - Create a Bitwise Plugin class in plugins.py -- Remove the nss3 path prefix from the cert.h C preprocessor source file inclusion -- Issue 50329 - revert fix -- Issue 50112 - Port ACI test suit from TET to python3(keyaci) -- Issue 50344 - tidy rpm vs build systemd flag handling -- Issue 50067 - Fix krb5 dependency in a specfile -- Issue 50340 - structs for diabled plugins will not be freed -- Issue 50327 - Add replication conflict support to UI -- Issue 50327 - Add replication conflict entry support to lib389/CLI -- Issue 50329 - improve connection default parameters -- Issue 50313 - Add a NestedRole type to lib389 -- Issue 50112 - Port ACI test suit from TET to python3(Delete and Add) -- Issue 49390, 50019 - support cn=config compare operations -- Issue 50041 - Add the rest UI Plugin tabs - Part 1 -- Issue 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS -- Issue 49990 - Increase the default FD limits -- Issue 50306 - (cont typo) Move connection config inside struct -- Issue 50291 - Add monitor tab functionality to Cockpit UI -- Issue 50317 - fix ds-backtrace issue on latest gdb -- Issue 50305 - Revise CleanAllRUV task restart process -- Issue 49915 - Fix typo -- Issue 50026 - Audit log does not capture the operation where nsslapd-lookthroughlimit is modified -- Issue 49899 - fix pin.txt and pwdfile permissions -- Issue 49915 - Add regression test -- Issue 50303 - Add task creation date to task data -- Issue 50306 - Move connection config inside struct -- Issue 50240 - Improve task logging -- Issue 50032 - Fix deprecation warnings in tests -- Issue 50310 - fix sasl header include -- Issue 49390 - improve compare and cn=config compare tests - -* Wed Apr 03 2019 Adam Williamson - 1.4.1.2-3 -- Rebuild without changes to be newer than 1.4.1.2-1 (see #1694990) - -* Fri Mar 29 2019 Mark Reynolds - 1.4.1.2-2 -- Bump version to 1.4.1.2-2 -- Fix lib389 python requirement - -* Fri Mar 29 2019 Mark Reynolds - 1.4.1.2-1 -- Bump version to 1.4.1.2-1 -- Ticket 50308 - Revise memory leak fix -- Ticket 50308 - Fix memory leaks for repeat binds and replication -- Ticket 40067 - Use PKG_CHECK_MODULES to detect libraries -- Ticket 49873 - (cont 3rd) cleanup debug log -- Ticket 49873 - (cont 2nd) Contention on virtual attribute lookup -- Ticket 50292 - Fix Plugin CLI and UI issues -- Ticket 50112 - Port ACI test suit from TET to python3(misc and syntax) -- Ticket 50289 - Fix various database UI issues -- Ticket 49463 - After cleanALLruv, replication is looping on keep alive DEL -- Ticket 50300 - Fix memory leak in automember plugin -- Ticket 50265 - the warning about skew time could last forever -- Ticket 50260 - Invalid cache flushing improvements -- Ticket 49561 - MEP plugin, upon direct op failure, will delete twice the same managed entry -- Ticket 50077 - Do not automatically turn automember postop modifies on -- Ticket 50282 - OPERATIONS ERROR when trying to delete a group with automember members -- Ticket 49715 - extend account functionality -- Ticket 49873 - (cont) Contention on virtual attribute lookup -- Ticket 50260 - backend txn plugins can corrupt entry cache -- Ticket 50255 - Port password policy test to use DSLdapObject -- Ticket 49667 - 49668 - remove old spec files -- Ticket 50276 - 389-ds-console is not built on RHEL8 if cockpit_dist is already present -- Ticket 50112 - Port ACI test suit from TET to python3(Search) -- Ticket 50259 - implement dn construction test -- Ticket 50273 - reduce default replicaton agmt timeout -- Ticket 50208 - lib389- Fix issue with list all instances -- Ticket 50112 - Port ACI test suit from TET to python3(Global Group) -- Ticket 50041 - Add CLI functionality for special plugins -- Ticket 50263 - LDAPS port not listening after installation -- Ticket 49575 - Indicate autosize value errors and corrective actions -- Ticket 50137 - create should not check in non-stateful mode for exist -- Ticket 49655 - remove doap file -- Ticket 50197 - Fix dscreate regression -- Ticket 50234 - one level search returns not matching entry -- Ticket 50257 - lib389 - password policy user vs subtree checks are broken -- Ticket 50253 - Making an nsManagedRoleDefinition type in src/lib389/lib389/idm/nsrole.py -- Ticket 49029 - [RFE] improve internal operations logging -- Ticket 50230 - improve ioerror msg when not root/dirsrv -- Ticket 50246 - Fix the regression in old control tools -- Ticket 50197 - Container integration part 2 -- Ticket 50197 - Container init tools -- Ticket 50232 - export creates not importable ldif file -- Ticket 50215 - UI - implement Database Tab in reachJS -- Ticket 50243 - refint modrdn stress test -- Ticket 50238 - Failed modrdn can corrupt entry cache -- Ticket 50236 - memberOf should be more robust -- Ticket 50213 - fix list instance issue -- Ticket 50219 - Add generic filter to DSLdapObjects -- Ticket 50227 - Making an cosClassicDefinition type in src/lib389/lib389/cos.py -- Ticket 50112 - Port ACI test suit from TET to python3(modify) -- Ticket 50224 - warnings on deprecated API usage -- Ticket 50112 - Port ACI test suit from TET to python3(valueaci) -- Ticket 50112 - Port ACI test suit from TET to python3(Aci Atter) -- Ticket 50208 - make instances mark off based on dse.ldif not sysconfig -- Ticket 50170 - composable object types for nsRole in lib389 -- Ticket 50199 - disable perl by default -- Ticket 50211 - Making an actual Anonymous type in lib389/idm/account.py -- Ticket 50155 - password history check has no way to just check the current password -- Ticket 49873 - Contention on virtual attribute lookup -- Ticket 50197 - Container integration improvements -- Ticket 50195 - improve selinux error messages in interactive -- Ticket 49658 - In replicated topology a single-valued attribute can diverge -- Ticket 50111 - Use pkg-config to detect icu -- Ticket 50165 - Fix issues with dscreate -- Ticket 50177 - import task should not be deleted too rapidely after import finishes to be able to query the status -- Ticket 50140 - Use high ports in container installs -- Ticket 50184 - Add cli tool parity to dsconf/dsctl -- Ticket 50159 - sssd and config display - -* Thu Jan 31 2019 Fedora Release Engineering - 1.4.1.1-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Wed Jan 30 2019 Mark Reynolds - 1.4.1.1-1 -- Bump version to 1.4.1.1 -- Ticket 50151 - lib389 support cli add/replace/delete on objects -- Ticket 50041 - CLI and WebUI - Add memberOf plugin functionality - -* Wed Jan 23 2019 Pete Walter - 1.4.0.20-1.2 -- Rebuild for ICU 63 - -* Mon Jan 14 2019 Björn Esser - 1.4.0.20-1.1 -- Rebuilt for libcrypt.so.2 (#1666033) - -* Fri Dec 14 2018 Mark Reynolds - 1.4.0.20-1 -- Bump version to 1.4.0.20 -- Ticket 49994 - Add test for backend/suffix CLI functions -- Ticket 50090 - refactor fetch_attr() to slapi_fetch_attr() -- Ticket 50091 - shadowWarning is not generated if passwordWarning is lower than 86400 seconds (1 day) -- Ticket 50056 - Fix CLI/UI bugs -- Ticket 49864 - Revised replication status messages for transient errors -- Ticket 50071 - Set ports in local_simple_allocate function -- Ticket 50065 - lib389 aci parsing is too strict -- Ticket 50061 - Improve schema loading in UI -- Ticket 50063 - Crash after attempting to restore a single backend -- Ticket 50062 - Replace error by warning in the state machine defined in repl5_inc_run -- Ticket 50041 - Set the React dataflow foundation and add basic plugin UI -- Ticket 50028 - Revise ds-replcheck usage -- TIcket 50057 - Pass argument into hashtable_new -- Ticket 50053 - improve testcase -- Ticket 50053 - Subtree password policy overrides a user-defined password policy -- Ticket 49974 - lib389 - List instances with initconfig_dir instead of sysconf_dir -- Ticket 49984 - Add an empty domain creation to the dscreate -- Ticket 49950 - PassSync not setting pwdLastSet attribute in Active Directory after Pw update from LDAP sync for normal user -- Ticket 50046 - Remove irrelevant debug-log messages from CLI tools -- Ticket 50022, 50012, 49956, and 49800: Various dsctl/dscreate fixes -- Ticket 49927 - dsctl db2index does not work -- Ticket 49814 - dscreate should handle selinux ports that are in a range -- Ticket 49543 - fix certmap dn comparison -- Ticket 49994 - comment out dev paths -- Ticket 49994 - Add backend features to CLI -- Ticket 48081 - Add new CI tests for password - -* Thu Nov 1 2018 Mark Reynolds - 1.4.0.19-1 -- Bump version to 1.4.0.19 -- Ticket 50026 - audit logs does not capture the operation where nsslapd-lookthroughlimit is modified -- Ticket 50020 - during MODRDN referential integrity can fail erronously while updating large groups -- Ticket 49999 - Finish up the transfer to React -- Ticket 50004 - lib389 - improve X-ORIGIN schema parsing -- Ticket 50013 - Log warn instead of ERR when aci target does not exist. -- Ticket 49975 - followup for broken prefix deployment -- Ticket 49999 - Add dist-bz2 target for Koji build system -- Ticket 49814 - Add specfile requirements for python3-libselinux -- Ticket 49814 - Add specfile requirements for python3-selinux -- Ticket 49999 - Integrate React structure into cockpit-389-ds -- Ticket 49995 - Fix Tickets with internal op logging -- Ticket 49997 - RFE: ds-replcheck could validate suffix exists and it's replicated -- Ticket 49985 - memberof may silently fails to update a member -- Ticket 49967 - entry cache corruption after failed MODRDN -- Ticket 49975 - Add missing include file to main.c -- Ticket 49814 - skip standard ports for selinux labelling -- Ticket 49814 - dscreate should set the port selinux labels -- Ticket 49856 - Remove backend option from bak2db -- Ticket 49926 - Fix various Tickets with replication UI -- Ticket 49975 - SUSE rpmlint Tickets -- Ticket 49939 - Fix ldapi path in lib389 -- Ticket 49978 - Add CLI logging function for UI -- Ticket 49929 - Modifications required for the Test Case Management System -- Ticket 49979 - Fix regression in last commit -- Ticket 49979 - Remove dirsrv tests subpackage -- Ticket 49928 - Fix various small WebUI schema Tickets -- Ticket 49926 - UI - comment out dev cli patchs -- Ticket 49926 - Add replication functionality to UI - -* Wed Oct 10 2018 Mark Reynolds - 1.4.0.18-1 -- Bump version to 1.4.0.18 -- Ticket 49968 - Confusing CRITICAL message: list_candidates - NULL idl was recieved from filter_candidates_ext -- Ticket 49946 - upgrade of 389-ds-base could remove replication agreements. -- Ticket 49969 - DOS caused by malformed search operation (part 2) - -* Tue Oct 9 2018 Mark Reynolds - 1.4.0.17-2 -- Bump version to 1.4.0.17-2 -- Ticket 49969 - DOS caused by malformed search operation (security fix) -- Ticket 49943 - rfc3673_all_oper_attrs_test is not strict enough -- Ticket 49915 - Master ns-slapd had 100% CPU usage after starting replication and replication cannot finish -- Ticket 49963 - ASAN build fails on F28 -- Ticket 49947 - Coverity Fixes -- Ticket 49958 - extended search fail to match entries -- Ticket 49928 - WebUI schema functionality and improve CLI part -- Ticket 49954 - On s390x arch retrieved DB page size is stored as size_t rather than uint32_t -- Ticket 49928 - Refactor and improve schema CLI/lib389 part to DSLdapObject -- Ticket 49926 - Fix replication tests on 1.3.x -- Ticket 49926 - Add replication functionality to dsconf -- Ticket 49887 - Clean up thread local usage -- Ticket 49937 - Log buffer exceeded emergency logging msg is not thread-safe (security fix) -- Ticket 49866 - fix typo in cos template in pwpolicy subtree create -- Ticket 49930 - Correction of the existing fixture function names to remove test_ prefix -- Ticket 49932 - Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly -- Ticket 48053 - Add attribute encryption test cases -- Ticket 49866 - Refactor PwPolicy lib389/CLI module -- Ticket 49877 - Add log level functionality to UI - -* Fri Aug 24 2018 Mark Reynolds - 1.4.0.16-1 -- Bump version to 1.4.0.16 -- Revert "Ticket 49372 - filter optimisation improvements for common queries" -- Revert "Ticket 49432 - filter optimise crash" -- Ticket 49887: Fix SASL map creation when --disable-perl -- Ticket 49858 - Add backup/restore and import/export functionality to WebUI/CLI - -* Thu Aug 16 2018 Mark Reynolds - 1.4.0.15-1 -- Bump version to 1.4.0.15 -- Ticket 49029 - Internal logging thread data needs to allocate int pointers -- Ticket 48061 : CI test - config -- Ticket 48377 - Only ship libjemalloc.so.2 -- Ticket 49885 - On some platform fips does not exist - -* Mon Aug 13 2018 Mark Reynolds - 1.4.0.14-2 -- Bump version to 1.4.0.14-2 -- Fix legacy tool scriplet error -- Remove ldconfig calls -- Only provide libjemalloc.so.2 - -* Fri Aug 10 2018 Mark Reynolds - 1.4.0.14-1 -- Bump version to 1.4.0.14 -- Ticket 49891 - Use "__python3" macro for python scripts -- Ticket 49890 - ldapsearch with server side sort crashes the ldap server -- Ticket 49029 - RFE -improve internal operations logging -- Ticket 49893 - disable nunc-stans by default -- Ticket 48377 - Update file name for LD_PRELOAD -- Ticket 49884 - Improve nunc-stans test to detect socket errors sooner -- Ticket 49888 - Use perl filter in rpm specfile -- Ticket 49866 - Add password policy features to CLI/UI -- Ticket 49881 - Missing check for crack.h -- Ticket 48056 - Add more test cases to the basic suite -- Ticket 49761 - Fix replication test suite issues -- Ticket 49381 - Refactor the plugin test suite docstrings -- Ticket 49837 - Add new password policy attributes to UI -- Ticket 49794 - RFE - Add pam_pwquality features to password syntax checking -- Ticket 49867 - Fix CLI tools' double output - -* Thu Jul 19 2018 Mark Reynolds - 1.4.0.13-1 -- Bump version to 1.4.0.13 -- Ticket 49854 - ns-slapd should create run_dir and lock_dir directories at startup -- Ticket 49806 - Add SASL functionality to CLI/UI -- Ticket 49789 - backout original security fix as it caused a regression in FreeIPA -- Ticket 49857 - RPM scriptlet for 389-ds-base-legacy-tools throws an error - -* Tue Jul 17 2018 Mark Reynolds - 1.4.0.12-1 -- Bump version to 1.4.0.12-1 -- Ticket 48377 - Move jemalloc license to /usr/share/licences -- Ticket 49813 - Revised interactive installer -- Ticket 49789 - By default, do not manage unhashed password -- Ticket 49844 - lib389: don't set up logging at module scope -- Ticket 49546 - Fix issues with MIB file -- Ticket 49840 - ds-replcheck command returns traceback errors against ldif files having garbage content when run in offline mode -- Ticket 49640 - Cleanup plugin bootstrap logging -- Ticket 49835 - lib389: fix logging -- Ticket 48818 - For a replica bindDNGroup, should be fetched the first time it is used not when the replica is started -- Ticket 49780 - acl_copyEval_context double free -- Ticket 49830 - Import fails if backend name is "default" -- Ticket 49832 - remove tcmalloc references -- Ticket 49813 - dscreate - add interactive installer -- Ticket 49808 - Add option to add backend to dscreate -- Ticket 49811 - lib389 setup.py should install autogenerated man pages -- Ticket 49795 - UI - add "action" backend funtionality -- Ticket 49588 - Add py3 support for tickets : part-3 -- Ticket 49820 - lib389 requires wrong python ldap library -- Ticket 49791 - Update docker file for new dscreate options -- Ticket 49761 - Fix more CI test issues -- Ticket 49811 - Update man pages -- Ticket 49783 - UI - add server configuration backend -- Ticket 49717 - Add conftest.py for tests -- Ticket 49588 - Add py3 support for tickets -- Ticket 49793 - Updated descriptions in dscreate example INF file -- Ticket 49471 - Rename dscreate options -- Ticket 49751 - passwordMustChange attribute is not honored by a RO consumer if using "Chain on Update" -- Ticket 49734 - Fix various issues with Disk Monitoring -- Update Source0 URL in rpm/389-ds-base.spec.in - - -* Thu Jul 12 2018 Fedora Release Engineering - 1.4.0.11-2.5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Tue Jul 10 2018 Pete Walter - 1.4.0.11-2.4 -- Rebuild for ICU 62 - -* Tue Jul 03 2018 Petr Pisar - 1.4.0.11-2.3 -- Perl 5.28 rebuild - -* Mon Jul 02 2018 Miro Hrončok - 1.4.0.11-2.2 -- Rebuilt for Python 3.7 - -* Fri Jun 29 2018 Jitka Plesnikova - 1.4.0.11-2.1 -- Perl 5.28 rebuild - -* Thu Jun 21 2018 Mark Reynolds - 1.4.0.11-2 -- Bump version to 1.4.0.11-2 -- Add python3-lib389 requirement - -* Tue Jun 19 2018 Mark Reynolds - 1.4.0.11-1 -- Bump version to 1.4.0.11 -- Test for issue #49788 -- Fixing 4-byte UTF-8 character validation -- Ticket 49777 - add config subcommand to dsconf -- Ticket 49712 - lib389 CLI tools should return a result code on failures -- Issue 49588 - Add py3 support for tickets : part-2 -- Remove old RHEL/fedora version checking from upstream specfile -- Ticket 48204 - remove python2 from scripts -- Ticket 49576 - ds-replcheck: fix certificate directory verification -- Bug 1591761 - 389-ds-base: Remove jemalloc exports - -* Tue Jun 19 2018 Miro Hrončok - 1.4.0.10-2.1 -- Rebuilt for Python 3.7 - -* Fri Jun 8 2018 Mark Reynolds - 1.4.0.10-2 -- Bump verision to 1.4.0.10-2 -- Remove reference ro stop-dirsrv from legacy tools - -* Fri Jun 8 2018 Mark Reynolds - 1.4.0.10-1 -- Bump verision to 1.4.0.10-1 -- Ticket 49640 - Errors about PBKDF2 password storage plugin at server startup -- Ticket 49571 - perl subpackage and python installer by default -- Ticket 49740 - UI - Replication monitor color coding is not colorblind friendly -- Ticket 49741 - UI - View/Edit replication agreement hangs WebUI -- Ticket 49703 - UI - Set default values in create instance form -- Ticket 49742 - Fine grained password policy can impact search performance -- Ticket 49768 - Under network intensive load persistent search can erronously decrease connection refcnt -- Ticket 49765 - compiler warning -- Ticket 49689 - Cockpit subpackage does not build in PREFIX installations -- Ticket 49765 - Async operations can hang when the server is running nunc-stans -- Ticket 49745 - UI add filter options for error log severity levels -- Ticket 49761 - Fix test suite issues -- Ticket 49754 - instances created with dscreate can not be upgraded with setup-ds.pl -- Ticket 47902 - UI - add continuous refresh log feature -- Ticket 49381 - Add docstrings to plugin test suites - Part 1 -- Ticket 49646 - Improve TLS cert processing in lib389 CLI -- Ticket 49748 - Passthru plugin startTLS option not working -- Ticket 49732 - Optimize resource limit checking for rootdn issued searches -- Ticket 48377 - Bundle jemalloc -- Ticket 49736 - Hardening of active connection list -- Ticket 48184 - clean up and delete connections at shutdown (3rd) -- Ticket 49675 - Revise coverity fix -- Ticket 49333 - Do not remove versioned man pages -- Ticket 49683 - Add support for JSON option in lib389 CLI tools -- Ticket 49704 - Error log from the installer is concatenating all lines into one -- Ticket 49726 - DS only accepts RSA and Fortezza cipher families -- Ticket 49722 - Errors log full of " WARN - keys2idl - recieved NULL idl from index_read_ext_allids, treating as empty set" messages -- Ticket 49582 - Add py3 support to memberof_plugin test suite -- Ticket 49675 - Fix coverity issues -- Ticket 49576 - Add support of ";deletedattribute" in ds-replcheck -- Ticket 49706 - Finish UI patternfly convertions -- Ticket 49684 - AC_PROG_CC clobbers CFLAGS set by --enable-debug -- Ticket 49678 - organiSational vs organiZational spelling in lib389 -- Ticket 49689 - Fix local "make install" after adding cockpit subpackage -- Ticket 49689 - Move Cockpit UI plugin to a subpackage -- Ticket 49679 - Missing nunc-stans documentation and doxygen warnings -- Ticket 49588 - Add py3 support for tickets : part-1 -- Ticket 49576 - Update ds-replcheck for new conflict entries -- Ticket 48184 - clean up and delete connections at shutdown (2nd try) -- Ticket 49698 - Remove unneeded patternfly files from Cockpit package -- Ticket 49581 - Fix dynamic plugins test suite -- Ticket 49665 - remove obsoleted upgrade scripts -- Ticket 49693 - A DB_DEADLOCK while adding a tombstone (RUV) leads to access of an already freed entry -- Ticket 49696 - replicated operations should be serialized -- Ticket 49669 - Invalid cachemem size can crash the server during a restore -- Ticket 49684 - AC_PROG_CC clobbers CFLAGS set by --enable-debug -- Ticket 49685 - make clean fails if cargo is not installed -- Ticket 49106 - Move ds_* scripts to libexec -- Ticket 49657 - Fix cascading replication scenario in lib389 API -- Ticket 49671 - Readonly replicas should not write internal ops to changelog -- Ticket 49673 - nsslapd-cachememsize can't be set to a value bigger than MAX_INT -- Ticket 49519 - Convert Cockpit UI to use strictly patternfly stylesheets -- Ticket 49665 - Upgrade script doesn't enable CRYPT password storage plug-in -- Ticket 49665 - Upgrade script doesn't enable PBKDF2 password storage plug-in - -* Tue May 15 2018 Mark Reynolds - 1.4.0.9-2 -- Bump version to 1.4.0.9-2 -- Add openssl-perl requirement for new python installer - -* Tue May 8 2018 Mark Reynolds - 1.4.0.9-1 -- Bump version to 1.4.0.9 -- Ticket 49661 - CVE-2018-1089 - Crash from long search filter -- Ticket 49652 - DENY aci's are not handled properly -- Ticket 49650 - lib389 enable_tls doesn't work on F28 -- Ticket 49538 - replace cacertdir_rehash with openssl rehash -- Ticket 49406 - Port backend_test.py test to DSLdapObject implementation -- Ticket 49649 - Use reentrant crypt_r() -- Ticket 49642 - lib389 should generate a more complex password -- Ticket 49612 - lib389 remove_ds_instance() does not remove systemd units -- Ticket 49644 - crash in debug build - -* Mon Apr 30 2018 Pete Walter - 1.4.0.8-1.1 -- Rebuild for ICU 61.1 - -* Thu Apr 19 2018 Mark Reynolds - 1.4.0.8-1 -- Bump version to 1.4.0.8-1 -- Ticket 49639 - Crash when failing to read from SASL conn -- Ticket 49109 - nsDS5ReplicaTransportInfo should accept StartTLS as an option -- Ticket 49586 - Add py3 support to plugins test suite -- Ticket 49511 - memory leak in pwdhash - -* Mon Apr 16 2018 Mark Reynolds - 1.4.0.7-2 -- Bump version to 1.4.0.7-2 -- Fix the devel srvcore requirements - -* Fri Apr 13 2018 Mark Reynolds - 1.4.0.7-1 -- Bump version to 1.4.0.7 -- Ticket 49477 - Missing pbkdf python -- Ticket 49552 - Fix the last of the build issues on F28/29 -- Ticket 49522 - Fix build issues on F28 -- Ticket 49631 - same csn generated twice -- Ticket 49585 - Add py3 support to password test suite : part-3 -- Ticket 49585 - Add py3 support to password test suite : part-2 -- Ticket 48184 - revert previous patch around unuc-stans shutdown crash -- Ticket 49585 - Add py3 support to password test suite -- Ticket 46918 - Fix compiler warnings on arm -- Ticket 49601 - Replace HAVE_SYSTEMD define with WITH_SYSTEMD in svrcore -- Ticket 49619 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received -- Ticket 49608 - Add support for gcc/clang sanitizers -- Ticket 49606 - Improve lib389 documentation -- Ticket 49552 - Fix build issues on F28 -- Ticket 49603 - 389-ds-base package rebuilt on EPEL can't be installed due to missing dependencies -- Ticket 49593 - NDN cache stats should be under the global stats -- Ticket 49599 - Revise replication total init status messages -- Ticket 49596 - repl-monitor.pl fails to find db tombstone/RUV entry -- Ticket 49589 - merge svrcore into 389-ds-base -- Ticket 49560 - Add a test case for extract-pemfiles -- Ticket 49239 - Add a test suite for ds-replcheck tool RFE -- Ticket 49369 - merge svrcore into 389-ds-base - -* Thu Mar 29 2018 Till Maas - 1.4.0.6-3 -- Remove BR on tcp_wrappers (https://bugzilla.redhat.com/show_bug.cgi?id=1518749) - -* Tue Mar 6 2018 Mark Reynolds - 1.4.0.6-1 -- Bump version to 1.4.0.6 -- Ticket 49545 - final substring extended filter search returns invalid result -- Ticket 49572 - ns_job_wait race on condvar -- Ticket 49584 - Fix Tickets with paged_results test suite -- Ticket 49161 - memberof fails if group is moved into scope -- Ticket 49447 - PBKDF2 on upgrade -- ticket 49551 - correctly handle subordinates and tombstone numsubordinates -- Ticket 49043 - Add replica conflict test suite -- Ticket 49296 - Fix race condition in connection code with anonymous limits -- Ticket 49568 - Fix integer overflow on 32bit platforms -- Ticket 48085 - Add encryption cl5 test suite -- Ticket 49566 - ds-replcheck needs to work with hidden conflict entries -- Ticket 49519 - Add more Cockpit UI content -- Ticket 49551 - fix memory leak found by coverity -- Ticket 49551 - v3 - correct handling of numsubordinates for cenotaphs and tombstone delete -- Ticket 49278 - Add a new CI test case -- Ticket 49560 - nsslapd-extract-pemfiles should be enabled by default as openldap is moving to openssl -- Ticket 49557 - Add config option for checking CRL on outbound SSL Connections -- Ticket 49446 - Add CI test case -- Ticket 35 - Description: Add support for managing automember to dsconf -- Ticket 49544 - cli release preperation -- Ticket 48006 - Add a new CI test case - -* Mon Feb 19 2018 Mark Reynolds - 1.4.0.5-1.7 -- Add cyrus-sasl-plain requirement - -* Thu Feb 15 2018 Mark Reynolds - 1.4.0.5-1.6 -- Fix python requirements for policycoreutils-python-utils - -* Thu Feb 15 2018 Mark Reynolds - 1.4.0.5-1.5 -- Fix package requirements to use Python 3 packages for LDAP and SELinux - -* Thu Feb 15 2018 Mark Reynolds - 1.4.0.5-1.4 -- Only exclude Ix86 arches - -* Thu Feb 15 2018 Adam Williamson - 1.4.0.5-1.3 -- Rebuild for libevent soname bump - -* Fri Feb 09 2018 Igor Gnatenko - 1.4.0.5-1.2 -- Escape macros in %%changelog - -* Wed Feb 07 2018 Fedora Release Engineering - 1.4.0.5-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Wed Jan 31 2018 Mark Reynolds - 1.4.0.5-1 -- Bump version to 1.4.0.5 -- CVE-2017-15134 389-ds-base: Remote DoS via search filters in slapi_filter_sprintf -- Ticket 49546 - Fix broken snmp MIB file -- Ticket 49554 - update readme -- Ticket 49554 - Update Makefile for README.md -- Ticket 49400 - Make CLANG configurable -- Ticket 49530 - Add pseudolocalization option for dbgen -- Ticket 49523 - Fixed skipif marker, topology fixture and log message -- Ticket 49544 - Double check pw prompts -- Ticket 49548 - Cockpit UI - installer should also setup Cockpit - -* Fri Jan 26 2018 Mark Reynolds - 1.4.0.4-1 -- Bump version to 1.4.0.4 -- Ticket 49540 - Indexing task is reported finished too early regarding the backend status -- Ticket 49534 - Fix coverity regression -- Ticket 49544 - cli release preperation, group improvements -- Ticket 49542 - Unpackaged files on el7 break rpm build -- Ticket 49541 - repl config should not allow rid 65535 for masters -- Ticket 49370 - Add all the password policy defaults to a new local policy -- Ticket 49425 - improve demo objects for install -- Ticket 49537 - allow asan to build with stable rustc -- Ticket 49526 - Improve create_test.py script -- Ticket 49516 - Add python 3 support for replication suite -- Ticket 49534 - Fix coverity issues and regression -- Ticket 49532 - coverity issues - fix compiler warnings & clang issues -- Ticket 49531 - coverity issues - fix memory leaks -- Ticket 49463 - After cleanALLruv, there is a flow of keep alive DEL -- Ticket 49529 - Fix Coverity warnings: invalid deferences -- Ticket 49509 - Indexing of internationalized matching rules is failing -- Ticket 49527 - Improve ds* cli tool testing -- Ticket 49474 - purge saslmaps before gssapi test -- Ticket 49413 - Changelog trimming ignores disabled replica-agreement -- Ticket 49446 - cleanallruv should ignore cleaned replica Id in processing changelog if in force mode -- Ticket 49278 - GetEffectiveRights gives false-negative -- Ticket 49508 - memory leak in cn=replica plugin setup -- Ticket 48118 - Add CI test case -- Ticket 49520 - Cockpit UI - Add database chaining HTML -- Ticket 49512 - Add ds-cockpit-setup to rpm spec file -- Ticket 49523 - Refactor CI test -- Ticket 49524 - Password policy: minimum token length fails when the token length is equal to attribute length -- Ticket 49517 - Cockpit UI - Add correct png files -- Ticket 49517 - Cockput UI - revise config layout -- Ticket 49523 - memberof: schema violation error message is confusing as memberof will likely repair target entry -- Ticket 49312 - Added a new test case for "-D configdir" -- Ticket 49512 - remove backup directories from cockpit source -- Ticket 49512 - Add initial Cockpit UI Plugin -- Ticket 49515 - cannot link, missing -fPIC -- Ticket 49474 - Improve GSSAPI testing capability -- Ticket 49493 - heap use after free in csn_as_string -- Ticket 49379 - Add Python 3 support to CI test -- Ticket 49431 - Add CI test case -- Ticket 49495 - cos stress test and improvements. -- Ticket 49495 - Fix memory management is vattr. -- Ticket 49494 - python 2 bytes mode. -- Ticket 49471 - heap-buffer-overflow in ss_unescape -- Ticket 48184 - close connections at shutdown cleanly. -- Ticket 49218 - Certmap - support TLS tests -- Ticket 49470 - overflow in pblock_get -- Ticket 49443 - Add CI test case -- Ticket 49484 - Minor cli tool fixes. -- Ticket 49486 - change ns stress core to use absolute int width. -- Ticket 49445 - Improve regression test to detect memory leak. -- Ticket 49445 - Memory leak in ldif2db -- Ticket 49485 - Typo in gccsec_defs -- Ticket 49479 - Remove unused 'batch' argument from lib389 -- Ticket 49480 - Improvements to support IPA install. -- Ticket 49474 - sasl allow mechs does not operate correctly -- Ticket 49449 - Load sysctl values on rpm upgrade. -- Ticket 49374 - Add CI test case -- Ticket 49325 - fix rust linking. -- Ticket 49475 - docker poc improvements. -- Ticket 49461 - Improve db2index handling for test 49290 -- Ticket 47536 - Add Python 3 support and move test case to suites -- Ticket 49444 - huaf in task.c during high load import -- Ticket 49460 - replica_write_ruv log a failure even when it succeeds -- Ticket 49298 - Ticket with test case and remove-ds.pl -- Ticket 49408 - Add a test case for nsds5ReplicaId checks -- Ticket 3 lib389 - python 3 support for subset of pwd cases -- Ticket 35 lib389 - dsconf automember support - -* Sat Jan 20 2018 Björn Esser - 1.4.0.3-1.2 -- Rebuilt for switch to libxcrypt - -* Thu Nov 30 2017 Pete Walter - 1.4.0.3-1.1 -- Rebuild for ICU 60.1 - -* Mon Nov 20 2017 Mark Reynolds - 1.4.0.3-1 -- Bump version to 1.4.0.3 -- Ticket 49457 - Fix spal_meminfo_get function prototype -- Ticket 49455 - Add tests to monitor test suit. -- Ticket 49448 - dynamic default pw scheme based on environment. -- Ticket 49298 - fix complier warn -- Ticket 49298 - Correct error codes with config restore. -- Ticket 49454 - SSL Client Authentication breaks in FIPS mode -- Ticket 49453 - passwd.py to use pwdhash defaults. -- Ticket 49427 - whitespace in fedse.c -- Ticket 49410 - opened connection can remain no longer poll, like hanging -- Ticket 48118 - fix compiler warning for incorrect return type -- Ticket 49451 - Add environment markers to lib389 dependencies -- Ticket 49325 - Proof of concept rust tqueue in sds -- Ticket 49443 - scope one searches in 1.3.7 give incorrect results -- Ticket 48118 - At startup, changelog can be erronously rebuilt after a normal shutdown -- Ticket 49412 - SIGSEV when setting invalid changelog config value -- Ticket 49441 - Import crashes - oneline fix -- Ticket 49377 - Incoming BER too large with TLS on plain port -- Ticket 49441 - Import crashes with large indexed binary attributes -- Ticket 49435 - Fix NS race condition on loaded test systems -- Ticket 77 - lib389 - Refactor docstrings in rST format - part 2 -- Ticket 17 - lib389 - dsremove support -- Ticket 3 - lib389 - python 3 compat for paged results test -- Ticket 3 - lib389 - Python 3 support for memberof plugin test suit -- Ticket 3 - lib389 - config test -- Ticket 3 - lib389 - python 3 support ds_logs tests -- Ticket 3 - lib389 - python 3 support for betxn test - -* Fri Nov 3 2017 Mark Reynolds - 1.4.0.2-2 -- Bump version to 1.4.0.2-2 -- Add python-lib389 build requirements - -* Fri Nov 3 2017 Mark Reynolds - 1.4.0.2-1 -- Bump version to 1.4.0.2-1 -- Ticket 48393 - fix copy and paste error -- Ticket 49439 - cleanallruv is not logging information -- Ticket 48393 - Improve replication config validation -- Ticket lib389 3 - Python 3 support for ACL test suite -- Ticket 103 - sysconfig not found -- Ticket 49436 - double free in COS in some conditions -- Ticket 48007 - CI test to test changelog trimming interval -- Ticket 49424 - Resolve csiphash alignment issues -- Ticket lib389 3 - Python 3 support for pwdPolicy_controls_test.py -- Ticket 3 - python 3 support - filter test -- Ticket 49434 - RPM build errors -- Ticket 49432 - filter optimise crash -- Ticket 49432 - Add complex fliter CI test -- Ticket 48894 - harden valueset_array_to_sorted_quick valueset access -- Ticket 49401 - Fix compiler incompatible-pointer-types warnings -- Ticket 48681 - Use of uninitialized value in string ne at /usr/bin/logconv.pl -- Ticket 49409 - Update lib389 requirements -- Ticket 49401 - improve valueset sorted performance on delete -- Ticket 49374 - server fails to start because maxdisksize is recognized incorrectly -- Ticket 49408 - Server allows to set any nsds5replicaid in the existing replica entry -- Ticket 49407 - status-dirsrv shows ellipsed lines -- Ticket 48681 - Use of uninitialized value in string ne at /usr/bin/logconv.pl -- Ticket 49386 - Memberof should be ignore MODRDN when the pre/post entry are identical -- Ticket 48006 - Missing warning for invalid replica backoff configuration -- Ticket 49064 - testcase hardening -- Ticket 49064 - RFE allow to enable MemberOf plugin in dedicated consumer -- Ticket lib389 3 - python 3 support -- Ticket 49402 - Adding a database entry with the same database name that was deleted hangs server at shutdown -- Ticket 48235 - remove memberof lock (cherry-pick error) -- Ticket 49394 - build warning -- Ticket 49381 - Refactor numerous suite docstrings - Part 2 -- Ticket 49394 - slapi_pblock_get may leave unchanged the provided variable -- Ticket 49403 - tidy ns logging -- Ticket 49381 - Refactor filter test suite docstrings -- Ticket 48235 - Remove memberOf global lock -- Ticket 103 - Make sysconfig where it is expected to exist -- Ticket 49400 - Add clang support to rpm builds -- Ticket 49381 - Refactor ACL test suite docstrings -- Ticket 49363 - Merge lib389 -- Ticket 101 - BaseException.message has been deprecated in Python3 -- Ticket 102 - referral support -- Ticket 99 - Fix typo in create_topology -- Ticket #98 - Fix dbscan output -- Ticket #77 - Fix changelogdb param issue -- Ticket #77 - Refactor docstrings in rST format - part 1 -- Ticket 96 - Change binaries' names -- Ticket 77 - Add sphinx documentation -- Ticket 43 - Add support for Referential Integrity plugin -- Ticket 45 - Add support for Rootdn Access Control plugin -- Ticket 46 - dsconf support for dynamic schema reload -- Ticket 74 - Advice users to set referint-update-delay to 0 -- Ticket 92 - display_attr() should return str not bytes in py3 -- Ticket 93 - Fix test cases in ctl_dbtasks_test.py -- Ticket 88 - python install and remove for tests -- Ticket 85 - Remove legacy replication attribute -- Ticket 91 - Fix replication topology -- Ticket 89 - Fix inconsistency with serverid -- Ticket 79 - Fix replica.py and add tests -- Ticket 86 - add build dir to gitignore -- Ticket 83 - Add an util for generating instance parameters -- Ticket 87 - Update accesslog regec for HR etimes -- Ticket 49 - Add support for whoami plugin -- Ticket 48 - Add support for USN plugin -- Ticket 78 - Add exists() method to DSLdapObject -- Ticket 31 - Allow complete removal of some memberOf attrs -- Ticket31 - Add memberOf fix-up task -- Ticket 67 - Add ensure_int function -- Ticket 59 - lib389 support for index management. -- Ticket 67 - get attr by type -- Ticket 70 - Improve repl tools -- Ticket 50 - typo in db2* in dsctl -- Ticket 31 - Add status command and SkipNested support for MemberOf -- Ticket 31 - Add functional tests for MemberOf plugin -- Ticket 66 - expand healthcheck for Directory Server -- Ticket 69 - add specfile requires -- Ticket 31 - Initial MemberOf plugin support -- Ticket 50 - Add db2* tasks to dsctl -- Ticket 65 - Add m2c2 topology -- Ticket 63 - part 2, agreement test -- Ticket 63 - lib389 python 3 fix -- Ticket 62 - dirsrv offline log -- Ticket 60 - add dsrc to dsconf and dsidm -- Ticket 32 - Add TLS external bind support for testing -- Ticket 27 - Fix get function in tests -- Ticket 28 - userAccount for older versions without nsmemberof -- Ticket 27 - Improve dseldif API -- Ticket 30 - Add initial support for account lock and unlock. -- Ticket 29 - fix incorrect format in tools -- Ticket 28 - Change default objectClasses for users and groups -- Ticket 1 - Fix missing dn / rdn on config. -- Ticket 27 - Add a module for working with dse.ldif file -- Ticket 1 - cn=config comparison -- Ticket 21 - Missing serverid in dirsrv_test due to incorrect allocation -- Ticket 26 - improve lib389 sasl support -- Ticket 24 - Join paths using os.path.join instead of string concatenation -- Ticket 25 - Fix RUV __repr__ function -- Ticket 23 - Use DirSrv.exists() instead of manually checking for instance's existence -- Ticket 1 - cn=config comparison -- Ticket 22 - Specify a basedn parameter for IDM modules -- Ticket 19 - missing readme.md in python3 -- Ticket 20 - Use the DN_DM constant instead of hard coding its value -- Ticket 19 - Missing file and improve make -- Ticket 14 - Remane dsadm to dsctl -- Ticket 16 - Reset InstScriptsEnabled argument during the init -- Ticket 14 - Remane dsadm to dsctl -- Ticket 13 - Add init function to create new domain entries -- Ticket 15 - Improve instance configuration ability -- Ticket 10 - Improve command line tool arguments -- Ticket 9 - Convert readme to MD -- Ticket 7 - Add pause and resume methods to topology fixtures -- Ticket 49172 - Allow lib389 to read system schema and instance -- Ticket 49172 - Allow lib389 to read system schema and instance -- Ticket 6 - Bump lib389 version 1.0.4 -- Ticket 5 - Fix container build on fedora -- Ticket 4 - Cert detection breaks some tests -- Ticket 49137 - Add sasl plain tests, lib389 support -- Ticket 2 - pytest mark with version relies on root -- Ticket 49126 - DIT management tool -- Ticket 49101 - Python 2 generate example entries -- Ticket 49103 - python 2 support for installer -- Ticket 47747 - Add topology_i2 and topology_i3 -- Ticket 49087 - lib389 resolve jenkins issues -- Ticket 48413 - Improvements to lib389 for rest -- Ticket 49083 - Support prefix for discovery of the defaults.inf file. -- Ticket 49055 - Fix debugging mode issue -- Ticket 49060 - Increase number of masters, hubs and consumers in topology -- Ticket 47747 - Add more topology fixtures -- Ticket 47840 - Add InstScriptsEnabled argument -- Ticket 47747 - Add topology fixtures module -- Ticket 48707 - Implement draft-wibrown-ldapssotoken-01 -- Ticket 49022 - Lib389, py3 installer cannot create entries in backend -- Ticket 49024 - Fix paths to the dbdir parent -- Ticket 49024 - Fix db_dir paths -- Ticket 49024 - Fix paths in tools module -- Ticket 48961 - Fix lib389 minor issues shown by 48961 test -- Ticket 49010 - Lib389 fails to start with systemctl changes -- Ticket 49007 - lib389 fixes for paths to use online values -- Ticket 49005 - Update lib389 to work in containers correctly. -- Ticket 48991 - Fix lib389 spec for python2 and python3 -- Ticket 48984 - Add lib389 paths module -- Ticket 48951 - dsadm dsconfig status and plugin -- Ticket 47957 - Update the replication "idle" status string -- Ticket 48951 - dsadm and dsconf base files -- Ticket 48952 - Restart command needs a sleep -- Ticket 48949 - Fix ups for style and correctness -- Ticket 48949 - added copying slapd-collations.conf -- Ticket 48949 - change default file path generation - use os.path.join -- Ticket 48949 - os.makedirs() exist_ok not python2 compatible, added try/except -- Ticket 48949 - configparser fallback not python2 compatible -- Ticket 48946 - openConnection should not fully popluate DirSrv object -- Ticket 48832 - Add DirSrvTools.getLocalhost() function -- Ticket 48382 - Fix serverCmd to get sbin dir properly -- Bug 1347760 - Information disclosure via repeated use of LDAP ADD operation, etc. -- Ticket 48937 - Cleanup valgrind wrapper script -- Ticket 48923 - Fix additional issue with serverCmd -- Ticket 48923 - serverCmd timeout not working as expected -- Ticket 48917 - Attribute presence -- Ticket 48911 - Plugin improvements for lib389 -- Ticket 48911 - Improve plugin support based on new mapped objects -- Ticket 48910 - Fixes for backend tests and lib389 reliability. -- Ticket 48860 - Add replication tools -- Ticket 48888 - Correction to create of dsldapobject -- Ticket 48886 - Fix NSS SSL library in lib389 -- Ticket 48885 - Fix spec file requires -- Ticket 48884 - Bugfixes for mapped object and new connections -- Ticket 48878 - better style for backend in backend_test.py -- Ticket 48878 - pep8 fixes part 2 -- Ticket 48878 - pep8 fixes and fix rpm to build -- Ticket 48853 - Prerelease installer -- Ticket 48820 - Begin to test compatability with py.test3, and the new orm -- Ticket 48434 - Fix for negative tz offsets -- Ticket 48857 - Remove python-krbV from lib389 -- Ticket 48820 - Fix tests to ensure they work with the new object types -- Ticket 48820 - Move Encryption and RSA to the new object types -- Ticket 48820 - Proof of concept of orm style mapping of configs and objects -- Ticket 48820 - Clitool rename -- Ticket 48431 - lib389 integrate ldclt -- Ticket 48434 - lib389 logging tools -- Ticket 48796 - add function to remove logs -- Ticket 48771 - lib389 - get ns-slapd version -- Ticket 48830 - Convert lib389 to ip route tools -- Ticket 48763 - backup should run regardless of existing backups. -- Ticket 48434 - lib389 logging tools -- Ticket 48798 - EL6 compat for lib389 tests for DH params -- Ticket 48798 - lib389 add ability to create nss ca and certificate -- Ticket 48433 - Aci linting tools -- Ticket 48791 - format args in server tools -- Ticket 48399 - Helper makefile is missing mkdir dist -- Ticket 48399 - Helper makefile is missing mkdir dist -- Ticket 48794 - lib389 build requires are on a single line -- Ticket 48660 - Add function to convert binary values in an entry to base64 -- Ticket 48764 - Fix mit krb password to be random. -- Ticket 48765 - Change default ports for standalone topology -- Ticket 48750 - Clean up logging to improve command experience -- Ticket 48751 - Improve lib389 ldapi support -- Ticket 48399 - Add helper makefile to lib389 to build and install -- Ticket 48661 - Agreement test suite fails at the test_changes case -- Ticket 48407 - Add test coverage module for lib389 repo -- Ticket 48357 - clitools should standarise their args -- Ticket 48560 - Make verbose handling consistent -- Ticket 48419 - getadminport() should not a be a static method -- Ticket 48408 - RFE escaped default suffix for tests -- Ticket 48401 - Revert typecheck -- Ticket 48401 - lib389 Entry hasAttr returs dict instead of false -- Ticket 48390 - RFE Improvements to lib389 monitor features for rest389 -- Ticket 48358 - Add new spec file -- Ticket 48371 - weaker host check on localhost.localdomain -- Ticket 58358 - Update spec file with pre-release versioning -- Ticket 48358 - Make Fedora packaging changes to the spec file -- Ticket 48358 - Prepare lib389 for Fedora Packaging -- Ticket 48364 - Fix test failures -- Ticket 48360 - Refactor the delete agreement function -- Ticket 48361 - Expand 389ds monitoring capabilities -- Ticket 48246 - Adding license/copyright to lib389 files -- Ticket 48340 - Add basic monitor support to lib389 https://fedorahosted.org/389/ticket/48340 -- Ticket 48353 - Add Replication REST support to lib389 -- Ticket 47840 - Fix regression -- Ticket 48343 - lib389 krb5 realm management https://fedorahosted.org/389/ticket/48343 -- Ticket 47840 - fix lib389 to use sbin scripts https://fedorahosted.org/389/ticket/47840 -- Ticket 48335 - Add SASL support to lib389 -- Ticket 48329 - Fix case-senstive scyheam comparisions -- Ticket 48303 - Fix lib389 broken tests -- Ticket 48329 - add matching rule functions to schema module -- Ticket 48324 - fix boolean capitalisation (one line) https://fedorahosted.org/389/ticket/48324 -- Ticket 48321 - Improve is_a_dn check to prevent mistakes with lib389 auth https://fedorahosted.org/389/ticket/48321 -- Ticket 48322 - Allow reindex function to reindex all attributes -- Ticket 48319 - Fix ldap.LDAPError exception processing -- Ticket 48318 - Do not delete a changelog while disabling a replication by suffix -- Ticket 48308 - Add __eq__ and __ne__ to Entry to allow fast comparison https://fedorahosted.org/389/ticket/48308 -- Ticket 48303 - Fix lib389 broken tests - backend_test -- Ticket 48309 - Fix lib389 lib imports -- Ticket 48303 - Fix lib389 broken tests - agreement_test -- Ticket 48303 - Fix lib389 broken tests - aci_parse_test -- Ticket 48301 - add tox support -- Ticket 48204 - update lib389 for python3 -- Ticket 48273 - Improve valgrind functions -- Ticket 48271 - Fix for self.prefix being none when SER_DEPLOYED_DIR is none https://fedorahosted.org/389/ticket/48271 -- Ticket 48259 - Add aci parsing utilities to lib389 -- Ticket 48252 - (lib389) adding get_bin_dir and dbscan -- Ticket 48247 - Change the default user to 'dirsrv' -- Ticket 47848 - Add new function to create ldif files -- Ticket 48239 - Fix for prefix allocation of un-initialised dirsrv objects -- Ticket 48237 - Add lib389 helper to enable and disable logging services. -- Ticket 48236 - Add get effective rights helper to lib389 -- Ticket 48238 - Add objectclass and attribute type query mechanisms -- Ticket 48029 - Add missing replication related functions -- Ticket 48028 - add valgrind wrapper for ns-slapd -- Ticket 48028 - lib389 - add valgrind functions -- Ticket 48022 - lib389 - Add all the server tasks -- Ticket 48023 - create function to test replication between servers -- Ticket 48020 - lib389 - need to reset args_instance with every DirSrv init -- Ticket 48000 - Repl agmts need more time to stop -- Ticket 48004 - Fix various issues -- Ticket 48000 - replica agreement pause/resume should have a short sleep -- Ticket 47990 - Add check for ".removed" instances when doing an upgrade -- Ticket 47990 - Add "upgrade" function to lib389 -- Ticket 47691 - using lib389 with RPMs -- Ticket 47848 - Add support for setuptools. -- Ticket 47855 - Add function to clear tmp directory -- Ticket 47851 - Need to retrieve tmp directory path -- Ticket 47845 - add stripcsn option to tombstone fixup task -- Ticket 47851 - Add function to retrieve dirsrvtests data directory -- Ticket 47845 - Add backup/restore/fixup tombstone tasks to lib389 -- Ticket 47819 - Add the new precise tombstone purging config attribute -- Ticket 47695 - Add plugins/tasks/Index -- Ticket 47648 - lib389 - add schema classes, methods -- Ticket 47671 - CI lib389: allow to open a DirSrv without having to create the instance -- Ticket 47600 - Replica/Agreement/Changelog not conform to the design -- Ticket 47652 - replica add fails: MT.list return a list not an entry -- Ticket 47635 - MT/Backend/Suffix to be conform with the design -- Ticket 47625 - CI lib389: DirSrv not conform to the design -- Ticket 47595 - fail to detect/reinit already existing instance/backup -- Ticket 47590 - CI tests: add/split functions around replication -- Ticket 47584 - CI tests: add backup/restore of an instance -- Ticket 47578 - CI tests: removal of 'sudo' and absolute path in lib389 -- Ticket 47568 - Rename DSAdmin class -- Ticket 47566 - Initial import of DSadmin into 389-test repos - -* Mon Oct 16 2017 Mark Reynolds - 1.4.0.1-2 -- Bump version to 1.4.0.1-2 -- Ticket 49400 - Add clang support and libatomic - -* Mon Oct 9 2017 Mark Reynolds - 1.4.0.1-1 -- Bump version to 1.4.0.1-1 -- Ticket 49038 - remove legacy replication - change cleanup script precedence -- Ticket 49392 - memavailable not available -- Ticket 49235 - pbkdf2 by default -- Ticket 49279 - remove dsktune -- Ticket 49372 - filter optimisation improvements for common queries -- Ticket 49320 - Activating already active role returns error 16 -- Ticket 49389 - unable to retrieve specific cosAttribute when subtree password policy is configured -- Ticket 49092 - Add CI test for schema-reload -- Ticket 49388 - repl-monitor - matches null string many times in regex -- Ticket 49387 - pbkdf2 settings were too aggressive -- Ticket 49385 - Fix coverity warnings -- Ticket 49305 - Need to wrap atomic calls -- Ticket 48973 - Indexing a ExactIA5Match attribute with a IgnoreIA5Match matching rule triggers a warning -- Ticket 49378 - server init fails -- Ticket 49305 - Need to wrap atomic calls -- Ticket 49180 - add CI test -- Ticket 49180 - errors log filled with attrlist_replace - attr_replace - -* Fri Sep 22 2017 Mark Reynolds - 1.4.0.0-1 -- Bump version to 1.4.0.0-1 - -* Wed Sep 6 2017 Mark Reynolds - 1.3.7.4-1 -- Bump version to 1.3.7.4 -- Ticket 49371 - Cleanup update script -- Ticket 48831 - Autotune dncache with entry cache. -- Ticket 49312 - pwdhash -D used default hash algo -- Ticket 49043 - make replication conflicts transparent to clients -- Ticket 49371 - Fix rpm build -- Ticket 49371 - Template dse.ldif did not contain all needed plugins -- Ticket 49295 - Fix CI Tests -- Ticket 49050 - make objectclass ldapsubentry effective immediately - -* Fri Sep 1 2017 Mark Reynolds - 1.3.7.3-1 -- Bump version to 1.3.7.3 -- Ticket 49354 - fix regression in total init due to mistake in range fetch -- Ticket 49370 - local password policies should use the same defaults as the global policy -- Ticket 48989 - Delete slow lib389 test -- Ticket 49367 - missing braces in idsktune -- Ticket 49364 - incorrect function declaration. -- Ticket 49275 - fix tls auth regression -- Ticket 49038 - Revise creation of cn=replication,cn=config -- Ticket 49368 - Fix typo in log message -- Ticket 48059 - Add docstrings to CLU tests -- Ticket 47840 - Add docstrings to setup tests -- Ticket 49348 - support perlless and wrapperless install - -* Tue Aug 22 2017 Mark Reynolds - 1.3.7.2-1 -- Bump verison to 1.3.7.2 -- Ticket 49038 - Fix regression from legacy code cleanup -- Ticket 49295 - Fix CI tests -- Ticket 48067 - Add bugzilla tests for ds_logs -- Ticket 49356 - mapping tree crash can occur during tot init -- Ticket 49275 - fix compiler warns for gcc 7 -- Ticket 49248 - Add a docstring to account locking test case -- Ticket 49445 - remove dead code -- Ticket 48081 - Add regression tests for pwpolicy -- Ticket 48056 - Add docstrings to basic test suite -- Ticket 49349 - global name 'imap' is not defined -- Ticket 83 - lib389 - Fix tests and create_test.py -- Ticket 48185 - Remove referint-logchanges attr from referint's config -- Ticket 48081 - Add regression tests for pwpolicy -- Ticket 83 - lib389 - Replace topology agmt objects -- Ticket 49331 - change autoscaling defaults -- Ticket 49330 - Improve ndn cache performance. -- Ticket 49347 - reproducable build numbers -- Ticket 39344 - changelog ldif import fails -- Ticket 49337 - Add regression tests for import tests -- Ticket 49309 - syntax checking on referint's delay attr -- Ticket 49336 - SECURITY: Locked account provides different return code -- Ticket 49332 - Event queue is not working -- Ticket 49313 - Change the retrochangelog default cache size -- Ticket 49329 - Descriptive error msg for USN cleanup task -- Ticket 49328 - Cleanup source code -- Ticket 49299 - Add normalized dn cache stats to dbmon.sh -- Ticket 49290 - improve idl handling in complex searches -- Ticket 49328 - Update clang-format config file -- Ticket 49091 - remove usage of changelog semaphore -- Ticket 49275 - shadow warnings for gcc7 - pass 1 -- Ticket 49316 - fix missing not condition in clock cleanu -- Ticket 49038 - Remove legacy replication -- Ticket 49287 - v3 extend csnpl handling to multiple backends -- Ticket 49310 - remove sds logging in debug builds -- Ticket 49031 - Improve memberof with a cache of group parents -- Ticket 49316 - Fix clock unsafety in DS -- Ticket 48210 - Add IP addr and connid to monitor output -- Ticket 49295 - Fix CI tests and compiler warnings -- Ticket 49295 - Fix CI tests -- Ticket 49305 - Improve atomic behaviours in 389-ds -- Ticket 49298 - fix missing header -- Ticket 49314 - Add untracked files to the .gitignore -- Ticket 49303 - Fix error in CI test -- Ticket 49302 - fix dirsrv importst due to lib389 change -- Ticket 49303 - Add option to disable TLS client-initiated renegotiation -- Ticket 49298 - force sync() on shutdown -- Ticket 49306 - make -f rpm.mk rpms produces build without tcmalloc enabled -- Ticket 49297 - improve search perf in bpt by removing a deref -- Ticket 49284 - resolve crash in memberof when deleting attrs -- Ticket 49290 - unindexed range searches don't provide notes=U -- Ticket 49301 - Add one logpipe test case - -* Fri Aug 11 2017 Igor Gnatenko - 1.3.7.1-2.5 -- Rebuilt after RPM update (№ 3) - -* Thu Aug 10 2017 Igor Gnatenko - 1.3.7.1-2.4 -- Rebuilt for RPM soname bump - -* Thu Aug 10 2017 Igor Gnatenko - 1.3.7.1-2.3 -- Rebuilt for RPM soname bump - -* Wed Aug 02 2017 Fedora Release Engineering - 1.3.7.1-2.2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 1.3.7.1-2.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Thu Jun 29 2017 Mark Reynolds - 1.3.7.1-2 -- Bump version to 1.3.7.1-2 -- Fix specfile for python dependency issue with ds-replcheck - -* Mon Jun 26 2017 Mark Reynolds - 1.3.7.1-1 -- Bump verson to 1.3.7.1 -- Ticket 49288 - RootDN Access wrong plugin path in template-dse.ldif.in -- Ticket 49289 - Improve result handling from connections with NS -- Ticket 49294 - radiusd before in unit file -- Ticket 49293 - inttypes in nunc-stans -- Ticket 49295 - Fix latest CI test failures -- Ticket 623 - Add test case and refactor the cleanallruv suite -- Ticket 49291 - slapi_search_internal_callback_pb may SIGSEV if related pblock has not operation set -- Ticket 49008 - Fix MO plugin betxn test -- Ticket 48944 - Add CI test case -- Ticket 49227 - ldapsearch does not return the expected Error log level -- Ticket 49028 - Add autotuning test suite -- Ticket 49281 - improve db2* tests -- Ticket 49273 - bak2db doesn't operate with dbversion -- Ticket 49184 - adjust logging level in MO plugin -- Ticket 49257 - Update CI script -- Ticket 49257 - only register modify callbacks -- Ticket 49008 - Adjust CI test for new memberOf behavior -- Ticket 49273 - Fix compiler warning in dbversion_write, missing newline -- Ticket 49277 - improve out of box system tuning for EL7 -- Ticket 49273 - crash when DBVERSION is corrupt. -- Ticket 49273 - crash when DBVERSIOn is corrupt. -- Ticket 49268 - master branch fails on big endian systems -- Ticket 49271 - Fix pbkdf2 and openssl missing issue -- Ticket 49242 - add gdb script to rpm -- Ticket 49269 - Fix coverity errors -- Ticket 49241 - add symblic link location to db2bak.pl output -- Ticket #49072: memberOf fixup task does not validate args -- Ticket 49257 - Reject nsslapd-cachememsize & nsslapd-cachesize when nsslapd-cache-autosize is set -- Ticket 48538 - Failed to delete old semaphore -- Ticket 49231 - force EXTERNAL always -- Ticket 49267 - autosize split of 0 results in dbcache of 0 -- Ticket 49099 - resolve systemd startup interaction with ns -- Ticket 49157 - fix error in ds-logpipe.py -- Ticket 48864 - remove config.h from spal header. -- Ticket 48681 - logconv.pl - Fix SASL Bind stats and rework report format -- Ticket 49261 - Fix script usage and man pages -- Ticket 49238 - AddressSanitizer: heap-use-after-free in libreplication -- Ticket 48864 - Fix FreeIPA build -- Ticket 49257 - Reject dbcachesize updates while auto cache sizing is enabled -- Ticket 49249 - cos_cache is erroneously logging schema checking failure -- Ticket 49248 - update eduPerson to 201602 -- Ticket 48050 - Add a test case for an issue 49014 -- Ticket 49258 - Allow nsslapd-cache-autosize to be modified while the server is running -- Ticket 49165 - Fix compiler warnings -- Ticket 49247 - resolve build issues on debian -- Ticket 48123 - create contrib section -- Ticket 49099 - fix configure.ac due to NS change -- Ticket 49250 - remove mempool experimental! -- Ticket 49099 - ns workers prep -- Ticket 49185 - Fix leaks in compute init and dblayer -- Ticket 49246 - ns-slapd crashes in role cache creation -- Ticket 49244 - resolve various test case issues -- Ticket 49157 - ds-logpipe.py crashes for non-existing users -- Ticket 49053 - Fix rpm build -- Ticket 49237 - Drop support for libdb older than 4.7 -- Ticket 49053 - Enable flto for DS -- Ticket 49243 - segv in memberof fixup -- Ticket 48985 - Add schema for nested groups to work out of box. -- Ticket 49241 - Update man page and usage for db2bak.pl -- Ticket 49071 - Add test case to tickets -- Ticket 49075 - Adjust logging severity levels -- Ticket 47662 - db2index not properly evalauating arguments -- Ticket 49240 - ci compiler warns -- Ticket 48989 - fix perf counters -- Ticket 48681 - logconv.pl - fix sasl/bind stats -- Ticket 49097 - fix pblock whitespace -- Ticket 49097 - fix the pblock to be a hierachial structure -- Ticket 49239 - move ds-replcheck man page and add script -- Ticket 49239 - Add a tool to compare entries on LDAP servers. -- Ticket 49231 - fix sasl mech handling -- Ticket 49233 - Fix crash in persistent search -- Ticket 49225 - Fix CI Test -- Ticket 49230 - slapi_register_plugin creates config entry where it should not -- Ticket 49225 - Add additional CRYPT password storage schemes - -* Wed Jun 07 2017 Jitka Plesnikova - 1.3.6.6-3.23 -- Perl 5.26 re-rebuild of bootstrapped packages - -* Tue Jun 6 2017 Mark Reynolds - 1.3.6.6-3.2 -- Revise server upgrade logic - -* Sun Jun 04 2017 Jitka Plesnikova - 1.3.6.6-3.1 -- Perl 5.26 rebuild - -* Thu May 25 2017 Charalampos Stratakis - 1.3.6.6-3 -- Bump verstion to 1.3.6.6-3 -- Ensure the binaries are pointing to the Python 3 interpreter (rhbz#1244234) - -* Mon May 22 2017 Mark Reynolds - 1.3.6.6-2 -- Bump version to 1.3.6.6-2 -- Disable tcmalloc on ppc64 & ppc64le - crash in makstrdb during build - -* Mon May 22 2017 Mark Reynolds - 1.3.6.6-1 -- Bump version to 1.3.6.6-1 -- Ticket 49157 - fix error in ds-logpipe.py -- Ticket 48864 - remove config.h from spal header. -- Ticket 48681 - logconv.pl - Fix SASL Bind stats and rework report format -- Ticket 49261 - Fix script usage and man pages -- Ticket 49238 - AddressSanitizer: heap-use-after-free in libreplication -- Ticket 48864 - Fix FreeIPA build -- Ticket 49257 - Reject dbcachesize updates while auto cache sizing is enabled -- Ticket 49249 - cos_cache is erroneously logging schema checking failure -- Ticket 49258 - Allow nsslapd-cache-autosize to be modified while the server is running -- Ticket 49247 - resolve build issues on debian -- Ticket 49246 - ns-slapd crashes in role cache creation -- Ticket 49157 - ds-logpipe.py crashes for non-existing users -- Ticket 49241 - Update man page and usage for db2bak.pl -- Ticket 49075 - Adjust logging severity levels -- Ticket 47662 - db2index not properly evaluating arguments -- Ticket 48989 - fix perf counters - -* Thu Apr 27 2017 Mark Reynolds - 1.3.6.5-1 -- Bump version to 1.3.6.5-1 -- Ticket 49231 - fix sasl mech handling -- Ticket 49233 - Fix crash in persistent search -- Ticket 49230 - slapi_register_plugin creates config entry where it should not -- Ticket 49135 - PBKDF2 should determine rounds at startup -- Issue 49236 - Fix CI Tests -- Ticket 48310 - entry distribution should be case insensitive -- Ticket 49224 - without --prefix, $prefixdir would be NONE in defaults. - -* Fri Apr 21 2017 Mark Reynolds - 1.3.6.4-1 -- Bump version to 1.3.6.4-1 -- Ticket 49228 - Fix SSE4.2 detection. -- Ticket 49229 - Correct issues in latest commits -- Ticket 49226 - Memory leak in ldap-agent-bin -- Ticket 49214 - Implement htree concept -- Ticket 49119 - Cleanup configure.ac options and defines -- Ticket 49097 - whitespace fixes for pblock change -- Ticket 49097 - Pblock get/set cleanup -- Ticket 49222 - Resolve various test issues on rawhide -- Issue 48978 - Fix the emergency logging functions severity levels -- Issue 49227 - ldapsearch for nsslapd-errorlog-level returns incorrect values -- Ticket 49041 - nss won't start if sql db type set -- Ticket 49223 - Fix sds queue locking -- Issue 49204 - Fix 32bit arch build failures -- Issue 49204 - Need to update function declaration -- Ticket 49204 - Fix lower bounds on import autosize + On small VM, autotune breaks the access of the suffixes -- Issue 49221 - During an upgrade the provided localhost name is ignored -- Issue 49220 - Remote crash via crafted LDAP messages (SECURITY FIX) -- Ticket 49184 - Overflow in memberof -- Ticket 48050 - Add account policy tests to plugins test suite -- Ticket 49207 - Supply docker POC build for DS. -- Issue 47662 - CLI args get removed -- Issue 49210 - Fix regression when checking is password min age should be checked -- Ticket 48864 - Add cgroup memory limit detection to 389-ds -- Issue 48085 - Expand the repl acceptance test suite -- Ticket 49209 - Hang due to omitted replica lock release -- Ticket 48864 - Cleanup memory detection before we add cgroup support -- Ticket 48864 - Cleanup up broken format macros and imports -- Ticket 49153 - Remove vacuum lock on transaction cleanup -- Ticket 49200 - provide minimal dse.ldif for python installer -- Issue 49205 - Fix logconv.pl man page -- Issue 49177 - Fix pkg-config file -- Issue 49035 - dbmon.sh shows pages-in-use that exceeds the cache size -- Ticket 48432 - Linux capabilities on ns-slapd -- Ticket 49196 - Autotune generates crit messages -- Ticket 49194 - Lower default ioblock timeout -- Ticket 49193 - gcc7 warning fixes -- Issue 49039 - password min age should be ignored if password needs to be reset -- Ticket 48989 - Re-implement lock counter -- Issue 49192 - Deleting suffix can hang server -- Issue 49156 - Modify token :assert: to :expectedresults: -- Ticket 48989 - missing return in counter -- Ticket 48989 - Improve counter overflow fix -- Ticket 49190 - Upgrade lfds to 7.1.1 -- Ticket 49187 - Fix attribute definition -- Ticket 49185 - Fix memleak in compute init - -* Wed Mar 22 2017 Mark Reynolds - 1.3.6.3-4 -- Bump verson to 1.3.6.3-4 -- Issue 49177 - rpm would not create valid pkgconfig files(pt2) - -* Wed Mar 22 2017 Mark Reynolds - 1.3.6.3-3 -- Bump version to 1.3.6.3-3 -- Ticket 49186 - Fix NS to improve shutdown relability -- Ticket 49174 - nunc-stans can not use negative timeout -- Ticket 49076 - To debug DB_DEADLOCK condition, allow to reset DB_TXN_NOWAIT flag on txn_begin -- Issue 49188 - retrocl can crash server at shutdown -- Ticket 47840 - Add setup_ds test suite - -* Tue Mar 21 2017 Mark Reynolds - 1.3.6.3-2 -- Bump version to 1.3.6.3-2 -- Fix srvcore version dependancy - -* Tue Mar 21 2017 Mark Reynolds - 1.3.6.3-1 -- Bump verson to 1.3.6.3 -- Issue 48989 - Overflow in counters and monitor -- Issue 49095 - targetattr wildcard evaluation is incorrectly case sensitive -- Ticket 49177 - rpm would not create valid pkgconfig files -- Issue 49176 - Remove tcmalloc restriction from s390x -- Issue 49157 - ds-logpipe.py crashes for non-existing users -- Issue 49065 - dbmon.sh fails if you have nsslapd-require-secure-binds enabled -- Issue 49095 - Fix double-free in _cl5NewDBFile() error path - -* Wed Mar 15 2017 Mark Reynolds - 1.3.6.2-2 -- Bump verson to 1.3.6.2-2 -- Issue 49169 - Fix covscan errors(regression) -- Ticket 49172 - Fix test schema files -- Ticket 49171 - Nunc Stans incorrectly reports a timeout -- Ticket 49171 - Nunc Stans incorrectly reports a timeout -- Issue 49169 - Fix covscan errors - -* Tue Mar 14 2017 Mark Reynolds - 1.3.6.2-1 -- Bump version to 1.3.6.2-1 -- Ticket 49164 - Change NS to acq-rel semantics for atomics -- Ticket 49154 - Nunc Stans stress should assert it has 95% success rate -- Ticket 49165 - pw_verify did not handle external auth -- Issue 49062 - Reset agmt update staus and total init -- Ticket 49151 - Remove defunct selinux policy - -* Fri Mar 10 2017 Mark Reynolds - 1.3.6.1-2 -- Bump version to 1.3.6.1-2 -- Issue 49162 - Only check event.m4 if nunc-stans is enabled -- Issue 49156 - Add more IDs and fix docstrings -- Issue 49156 - Fix typo in the import -- Ticket 49160 - Fix sds benchmark and copyright -- Issue 47536 - Fix CI testcase -- Issue 49159 - test_schema_comparewithfiles fails with python-ldap>=2.4.26 -- Issue 49156 - Clean up test suites dir structure and docstrings -- Issue 49158 - fix latest coverity issues -- Ticket 49155 - Fix db2ldif path in test -- Issue 49122 - Fix rpm build -- Issue 49044 - Fix script usage and man pages -- Ticket 48707 - Update rfc to accomodate that authid is mandatory -- Ticket 49141 - Enable tcmalloc -- Ticket 49142 - bytes vs unicode in plugin tests -- Ticket 49139 - Update makefile and rpm for import -- Ticket 49139 - Import libsds and nunc-stans for bundling -- Issue 49122 - Filtered nsrole that uses nsrole crashes the server -- Issue 49147 - Fix tests compatibility with older versions -- Issue 49141 - Fix spec file for tcmalloc -- Issue 49141 - Use tcmalloc by default -- Ticket 49086 - SDN premangaling broken after SASL change -- Ticket 49137 - Add sasl plain test - ds -- Ticket 49138 - Increase systemd timout -- Issue 48226 - Fix CI test -- Ticket 49140 - Remove legacy inst reference in test -- Ticket 49134 Remove hardcoded elements from db lock test -- Fix compiler warning -- Ticket 47925 - Move add and delete operation aci checks to be before plugins. -- Ticket 49086 - public api compatability test for SDN changes. -- Ticket 49116 - Pblock usage analytics -- Ticket 49020 - Add CI test -- Revise README for pagure -- Ticket #49121 - ns-slapd crashes in ldif_sput due to the output buf size is less than the real size. -- Ticket 48085 - Add replica acceptance test suite -- Ticket 49008 - Fix regression in check if ruv element exists -- Ticket 49108 - ds_selinux_port_query doesn't detect ports labeled with range -- Ticket 49057 - Fix tests failures on older versions of DS -- Ticket 49111 - Integrate cmocka skeleton to Directory Server -- Ticket 49016 - (un)register/migration/remove may fail if there is no suffix on 'userRoot' backend -- Ticket 48085 - Add single master replication test suite -- Ticket #49104 - Add CI test -- Ticket #49104 - dbscan-bin crashing due to a segmentation fault -- Ticket 49105 - Sig FPE when ns-slapd has 0 backends. -- Ticket 49075 - Adjust log severity levels -- Ticket 49008 - Add CI test -- Ticket 49008 v2: aborted operation can leave RUV in incorrect state -- Ticket 47973 - CI Test case (test_ticket47973_case) -- Ticket 47973 - CI Test case (test_ticket47973_case) -- Ticket 47973 - custom schema is registered in small caps after schema reload -- Ticket 49089 - List library build deps -- Ticket 49085 - Make a short topology fixture alias -- Ticket #49088 - 389-ds-base rpm postinstall script bugs -- Ticket 49028 - Autosize database cache by default. -- Ticket 49089 - Fix invalid cxxlink statement from hpux -- Ticket 49087 - ds resolve jenkins issues. -- Ticket #49082 - Adjusted the CI test case to the fix. -- Ticket #49082 - Fix password expiration related shadow attributes -- Ticket #49080 - shadowExpire should not be a calculated value -- Ticket 49027 - on secfailure do not store cleartext password content -- Ticket 49031 - Improve memberof with a cache of ancestors for groups -- Ticket 49079: deadlock on cos cache rebuild -- Ticket 48665 - Fix RHEL6 test compatibility issues -- Ticket 49055 - Fix create_test.py issues -- Ticket 48797 - Add freebsd support to ns-slapd: main -- Ticket 49055 - Refactor create_test.py -- Ticket 49060 - Increase number of masters, hubs and consumers in topology -- Ticket 49055 - Clean up test tickets and suites -- Ticket 48964 - should not free repl name after purging changelog -- Ticket 48050 - Refactor acctpolicy_plugin suite -- Ticket 48964 - cleanallruv changelog purging removes wrong rid -- Ticket 49073: nsDS5ReplicatedAttributeListTotal fails when excluding no attribute -- Ticket 49074 - incompatible nsEncryptionConfig object definition prevents RHEL 7->6 schema replication -- Ticket 48835 - package tests into python site packages - fix rpm -- Ticket 49066 - Memory leaks in server - part 2 -- Ticket 49072 - validate memberof fixup task args -- Ticket 49071 - Import with duplicate DNs throws unexpected errors -- Ticket 47858 - Add test case for nsTombstone -- Ticket 48835 - Tests with setup.py.in -- Ticket 49066 - Memory leaks in server -- Ticket 47982 - Add CI test suite ds_logs -- Ticket 49052 - Environment quoting on fedora causes ds to fail to start. -- Ticket 47662 - Better input argument validation and error messages for cli tools -- Ticket 48681 - logconv.pl lists sasl binds with no dn as anonymous -- Ticket 48861: memberof plugin tests suite -- Ticket 48861: Memberof plugins can update several times the same entry to set the same values -- Ticket 48163 - Re-space schema.c -- Ticket 48163 - Read schema from multiple locations -- Ticket 48894 - improve entrywsi delete -- Ticket 49051 - Enable SASL LOGIN/PLAIN support as a precursor to LDAPSSOTOKEN -- Ticket 49020 - do not treat missing csn as fatal -- Ticket 48133 v2 Non tombstone entry which dn starting with "nsuniqueid=...," cannot be delete -- Ticket 49055 - Clean up test suites -- Ticket 48797 - Add freebsd support to ns-slapd: Configure and makefile. -- Ticket 48797 - Add freebsd support to ns-slapd: Add freebsd support for ldaputil -- Ticket 48797 - Add freebsd support to ns-slapd: Add support for dsktune -- Ticket 48797 - Add freebsd support to ns-slapd: Add support for cpp in Fbsd -- Ticket 48797 - Add freebsd support to ns-slapd: Header files -- Ticket 48978 - Fix implicit function declaration -- Ticket 49002 - Remove memset on allocation -- Ticket 49021 - Automatic thread tuning -- Ticket 48894 - Issues with delete of entrywsi with large entries. -- Ticket 49054 - Fix sasl_map unused paramater compiler warnings. -- Ticket 48050 - Add test suite to acctpolicy_plugin -- Ticket 49048 - Fix rpm build failure -- Ticket 49042 - Test failure that expects old default -- Ticket 49042 - Increase cache defaults slightly -- Ticket 48894 - Issue with high number of entry state objects. -- Ticket 48978 - Fix more log refactoring issues -- Ticket 48707 - Draft Ldap SSO Token proposal -- Ticket 49024 - Fix the rest of the CI failures -- Ticket #48987 - Heap use after free in dblayer_close_indexes -- Ticket 48945 - Improve db2ldif error message. -- Ticket 49024 - Fix inst_dir parameter in defaults.inf -- Ticket 49024 - Fix dbdir paths and adjust test cases -- Ticket 48961 - Allow reset of configuration values to defaults. -- Ticket #47911 - Move dirsrv-snmp.service to 389-ds-base-snmp package -- Ticket bz1358565 - Fix compiler warning about unused variable -- Ticket bz1358565 - clear and unsalted password types are vulnerable to timing attack -- Ticket 49016 - (un)register/migration/remove may fail if there is no suffix on 'userRoot' backend -- Ticket 397 - Add PBKDF2 to Directory Server password storage. -- Ticket 49024 - Fix CI test failures and defaults.inf -- Ticket 49026 - Support nunc-stans pkgconfig -- Ticket 49025 - Upgrade nunc-stans to 0.2.1 -- Ticket 48978 - error log refactoring error - -* Fri Feb 10 2017 Fedora Release Engineering - 1.3.6.1-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Thu Oct 27 2016 Noriko Hosoi - 1.3.6.1-0 -- Bump version to 1.3.6.1-1 -- Ticket 142 - Refactor and move CI test -- Ticket 47703 - remove search limit for aci group evaluation -- Ticket 47978 - Refactor slapi_log_error -- Ticket 48272 - ADDN Sytle prebind plugin -- Ticket 48272 - Fix compiler warnings for addn -- Ticket 48278 - cleanAllRUV should remove keep-alive entry -- Ticket 48328 - Add missing dependency -- Ticket 48414 - cleanAllRUV should clean the agreement RUV -- Ticket 48538 - Failed to delete old semaphore -- Ticket 48805 - Misleading indent and Uninitialised struct member -- Ticket 48805 - Sign comparison checks. -- Ticket 48832 - Fix CI test suite for password min age -- Ticket 48896 - CI test: test case for ticket 48896 -- Ticket 48896 - Default Setting for passwordMinTokenLength does not work -- Ticket 48906 - Allow nsslapd-db-locks to be configurable online -- Ticket 48909 - Replication stops working in FIPS mode -- Ticket 48921 - CI Replication stress tests have limits set too low -- Ticket 48944 - on a read only replica invalid state info can accumulate -- Ticket 48947 - Update default password hash to SSHA512 -- Ticket 48957 - Update repl-monitor to handle new status messages -- Ticket 48969 - nsslapd-auditfaillog always has an explicit path -- Ticket 48978 - Build fails on i686 -- Ticket 48978 - Convert slapi_log_error() to a variadic macro -- Ticket 48978 - Fine tune error logging -- Ticket 48978 - Fix CI test to account for new logging format -- Ticket 48978 - Fix logging format errors and replace LDAP_DEBUG -- Ticket 48978 - refactor LDADebug() to slapi_log_err() -- Ticket 48978 - refactor LDAPDebug() -- Ticket 48978 - Update error logging with new codes -- Ticket 48978 - Update the logging function to accept sev level -- Ticket 48979 - Allow to compile 389ds with warning Wstrict-prototypes -- Ticket 48979 - Strict Prototypes -- Ticket 48982 - Comment about resolving failure to open plugin. -- Ticket 48982 - Enabling a plugin that has a versioned so causes overflow -- Ticket 48982 - One line fix, remove unused variable. -- Ticket 48982 - When plugin doesn't enable, actually log the path it used -- Ticket 48983 - Configure and Makefile.in from new default paths work. -- Ticket 48983 - generate install path info from autotools scripts -- Ticket 48984 - Add lib389 paths module -- Ticket 48986 - 47808 triggers overflow in uiduniq.c -- Ticket 48992 - Total init may fail if the pushed schema is rejected -- Ticket 48996 - Fix rpm to work with ns 0.2.0 -- Ticket 48996 - remove unused variable. -- Ticket 48996 - update DS for ns 0.2.0 -- Ticket 49005 - Update lib389 to work in containers correctly. -- Ticket 49006 - Enable nunc-stans by default. -- Ticket 49006 - Nunc stans use DS stack size -- Ticket 49007 - Update configure scripts -- Ticket 49007 - Update DS basic test to better work with systemd. -- Ticket 49009 - args debug logging must be more restrictive -- Ticket 49011 - Remove configure artifacts -- Ticket 49012 - Removed un-used counters -- Ticket 49013 - Correct signal handling with NS in DS -- Ticket 49014 - ns-accountstatus.pl shows wrong status for accounts inactivated by Account policy plugin -- Ticket 49017 - Various minor test failures -- use a consumer maxcsn only as anchor if supplier is more advanced - -* Mon Oct 24 2016 Mark Reynolds - 1.3.5.14-2 -- Bump version to 1.3.5.14-2 -- Ticket 49011 - Remove configure artifacts -- Ticket 49006 - Enable nunc-stans 0.2.0 by default - -* Thu Oct 13 2016 Mark Reynolds - 1.3.5.14-1 -- Bump version to 1.3.5.14-1 -- Ticket 48992 - Total init may fail if the pushed schema is rejected -- Ticket 48832 - Fix CI test suite for password min age -- Ticket 48983 - Configure and Makefile.in from new default paths work. -- Ticket 48983 - Configure and Makefile.in from new default paths work. -- Ticket 48983 - generate install path info from autotools scripts -- Ticket 48944 - on a read only replica invalid state info can accumulate -- Ticket 48766 - use a consumer maxcsn only as anchor if supplier is more advanced -- Ticket 48921 - CI Replication stress tests have limits set too low -- Ticket 48969 - nsslapd-auditfaillog always has an explicit path -- Ticket 48957 - Update repl-monitor to handle new status messages -- Ticket 48832 - Fix CI tests -- Ticket 48975 - Disabling CLEAR password storage scheme will crash server when setting a password -- Ticket 48369 - Add CI test suite -- Ticket 48970 - Serverside sorting crashes the server -- Ticket 48972 - remove old pwp code that adds/removes ACIs -- Ticket 48957 - set proper update status to replication agreement in case of failure -- Ticket 48950 - Add systemd warning to the LD_PRELOAD example in /etc/sysconfig/dirsrv -- provide backend dir in suffix template -- Ticket 48953 - Skip labelling and unlabelling ports during the test -- Ticket 48967 - Add CI test and refactor test suite -- Ticket 48967 - passwordMinAge attribute doesn't limit the minimum age of the password -- Fix jenkins warnings about unused vars -- Ticket 48402 - v3 allow plugins to detect a restore or import -- Ticket #48969 - nsslapd-auditfaillog always has an explicit path -- Ticket 48964 - cleanAllRUV changelog purging incorrectly processes all backends -- Ticket 48965 - Fix building rpms using rpm.mk -- Ticket 48965 - Fix generation of the pre-release version -- Bugzilla 1368956 - man page of ns-accountstatus.pl shows redundant entries for -p port option -- Ticket 48960 - Crash in import_wait_for_space_in_fifo(). -- Ticket 48832 - Fix more CI test failures -- Ticket 48958 - Audit fail log doesn't work if audit log disabled. -- Ticket 48956 - ns-accountstatus.pl showing "activated" user even if it is inactivated -- Ticket 48954 - replication fails because anchorcsn cannot be found -- Ticket 48832 - Fix CI tests failures from jenkins server -- Ticket 48950 - Change example in /etc/sysconfig/dirsrv to use tcmalloc - - -* Mon Aug 8 2016 Noriko Hosoi - 1.3.5.13-1 -- Release 1.3.5.13-1 -- Ticket 48450 - Autotools components for ds_systemd_ask_password_acl - -* Thu Aug 4 2016 Noriko Hosoi - 1.3.5.12-1 -- Release 1.3.5.12-1 -- Ticket 48450 - Add prestart work around for systemd ask password -- Ticket 48943 - When fine-grained policy is applied, a sub-tree has a priority over a user while changing password -- Ticket 47976 - Add fixed CI test case -- Ticket 48882 - server can hang in connection list processing -- Ticket 48921 - Adding replication and reliability tests -- Ticket 48936 - Duplicate collation entries -- Ticket 48832 - Fix timing and localhost issues -- Ticket 48832 - Fix pytest compatibility in CI tests -- Ticket 48832 - CI Tests - make tests more portable -- Ticket 48943 - Add CI Test for the password test suite -- Ticket 48940 - DS logs have warning:ancestorid not indexed -- Ticket 48934 - remove-ds.pl deletes an instance even if wrong prefix was specified -- Ticket 48336 - Missing semanage dependency -- Bug 1347760 - Additional CI test case -- Resolves: Bug 1347760 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation, etc. -- Ticket 48832 - CI tests - convert all the tests to use py.test -- Ticket 48939 - nsslapd-workingdir is empty when ns-slapd is started by systemd -- Ticket 48935 - Update dirsrv.systemd file -- Ticket 48832 - Fix lib389 CI ticket/suite test failures -- Ticket 47824 - Remove CI test from tickets and add logging -- Ticket 48930 - Paged result search can hang the server -- Ticket 48191 - Move CI test to the pr suite and refactor -- Ticket 48928 - log of page result cookie should log empty cookie with a different value than 0 -- Ticket 48752 - Add CI test -- Ticket 47664 - Move CI test to the pr suite and refactor - -* Thu Jul 14 2016 Noriko Hosoi - 1.3.5.11-1 -- Release 1.3.5.11-1 -- Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the status of the directory server instance. -- Ticket 48743 - If a cipher is disabled do not attempt to look it up -- Ticket 48755 - moving an entry could make the online init fail -- Ticket 48767 - flow control in replication also blocks receiving results -- Ticket 48912 - ntUserNtPassword schema -- Ticket 48914 - db2bak.pl task enters infinitive loop when bak fs is almost full -- Ticket 48916 - DNA Threshold set to 0 causes SIGFPE -- Ticket 48918 - Upgrade to 389-ds-base >= 1.3.5.5 doesn't install 389-ds-base-snmp -- Ticket 48919 - Compiler warnings while building 389-ds-base on RHEL7 -- Ticket 48920 - Memory leak in pwdhash-bin -- Ticket 48922 - Fix crash when deleting backend while import is running -- Ticket 48924 - Fixup tombstone task needs to set proper flag when updating tombstones -- Ticket 48925 - slapd crash with SIGILL: Dsktune should detect lack of CMPXCHG16B -- Bug 1347761 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation, etc. -- Bug 1353956 - Upgrade from FreeIPA Fedora 23 container to Fedora 24 fails with syntax error at - /usr/share/dirsrv/updates/91reindex.pl line 17, near ") - Regression introduced by Ticket 48755 to 1.3.5.10-1. -- Bug 1350393 - setup-ds.pl fails on F24 if perl-Errno is not updated (DS 48901) -- Bug 1114928 - etup-ds.pl creates configuration files under /usr (DS 528, 47840) - -* Fri Jul 1 2016 Noriko Hosoi - 1.3.5.10-1 --Release 1.3.5.10-1 -- Ticket 47538 - Fix repl-monitor color and lag times -- Ticket 47538 - repl-monitor.pl legend not properly sorted -- Ticket 47538 - repl-monitor.pl not displaying correct color code for lag time -- Ticket 48109 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) -- Ticket 48346 - ldaputil code cleanup -- Ticket 48346 - log too verbose when re-acquiring expired ticket -- Ticket 48354 - Review of default ACI in the directory server -- Ticket 48366 - proxyauth does not work bound as directory manager -- Ticket 48449 - Import readNSState.py from RichM's repo -- Ticket 48636 - Fix config validation check -- Ticket 48637 - DN cache is not always updated when ADD operation fails -- Ticket 48745 - Matching Rule caseExactIA5Match indexes incorrectly values with upper cases -- Ticket 48755 - CI test: test case for ticket 48755 -- Ticket 48755 - moving an entry could make the online init fail -- Ticket 48889 - ldclt - fix man page and usage info -- Ticket 48891 - ns-slapd crashes during the shutdown after adding attribute with a matching rule -- Ticket 48892 - Wrong result code display in audit-failure log -- Ticket 48893 - cn=config should not have readable components to anonymous -- Ticket 48895 - tests package should be noarch -- Ticket 48898 - Crash during shutdown if nunc-stans is enabled -- Ticket 48899 - Values of dbcachetries/dbcachehits in cn=monitor could overflow. -- Ticket 48900 - Add connection perf stats to logconv.pl -- Ticket 48902 - Strdup pwdstoragescheme name to prevent misbehaving plugins -- Ticket 48904 - syncrepl search returning error 329; plugin sending a bad error code -- Ticket 48905 - coverity defects - -* Tue Jun 14 2016 Noriko Hosoi - 1.3.5.6-1 -- Release 1.3.5.6-1 -- Ticket 48234 - CI test: test case for ticket 48234 -- Ticket 48234 - "matching rules" in ACI's "bind rules not fully evaluated -- Ticket 48636 - Improve replication convergence -- Revert "Ticket 48755 - moving an entry could make the online init fail" -- Ticket 48766 - Replication changelog can incorrectly skip over updates -- Ticket 47982 - Fix log hr timestamps when invalid value is set in cn=config - -* Mon Jun 13 2016 Noriko Hosoi - 1.3.5.5-1 -- Release 1.3.5.5-1 -- Ticket 48848 - modrdn deleteoldrdn can fail to find old attribute value, perhaps due to case folding -- Ticket 48832 - CI test - fix ticket failures -- Ticket 48833 - 389 showing inconsistent values for shadowMax and shadowWarning in 1.3.5.1 -- Ticket 48873 - Backend should accept the reduced cache allocation when issane == 1 -- Ticket 48815 - ns-accountstatus.pl - fix DN normalization -- Ticket 48880 - adding pre/post extop ability -- Ticket 48449 - Import readNSState from richm's repo -- Ticket 48877 - Fixes for RPM spec with spectool -- Ticket 48404 - libslapd owned by libs and devel -- Ticket 48326 - Move CI test to config test suite and refactor -- Ticket 48755 - CI test: test case for ticket 48755 -- Ticket 48755 - moving an entry could make the online init fail -- Ticket 48870 - Correct plugin execution order due to changes in exop -- Ticket 48799 - Test cases for objectClass values being dropped. -- Ticket 48863 - remove check for vmsize from util_info_sys_pages -- Ticket 48872 - Fix segfault and use after free in plugin shutdown -- Ticket 48862 - At startup DES to AES password conversion causes timeout in start script -- Ticket 48275 - search returns no entry when OR filter component contains non readable attribute -- Ticket 47911 - split out snmp agent into a subpackageTicket 47911 -- Ticket 48336 - setup-ds should detect if port is already defined -- Ticket 48858 - Segfault changing nsslapd-rootpw -- Ticket 48855 - Add basic pwdPolicy tests -- Ticket 48747 - dirsrv service fails to start when nsslapd-listenhost is configured -- Ticket 48752 - Page result search should return empty cookie if there is no returned entry -- Ticket 48854 - Running db2index with no options breaks replication -- Ticket 48850 - Correct memory leaks in pwdhash-bin and ns-slapd -- Ticket 48849 - Systemd introduced incompatible changes that breaks ds build -- Ticket 48846 - 32 bit systems set low vmsize -- Ticket 48846 - Older kernels do not expose memavailable -- Ticket 48846 - Rlimit checks should detect RLIM_INFINITY -- Ticket 48617 - Coverity fixes -- Ticket 48745 - Matching Rule caseExactIA5Match indexes incorrectly values with upper cases -- Ticket 48844 - Regression introduced in matching rules by DS 48746 -- Ticket 48363 - CI test - add test suite -- Ticket 48795 - Make various improvements to create_test.py -- Ticket 48834 - Fix jenkins: discared qualifier on auditlog.c -- Ticket 48834 - Modifier's name is not recorded in the audit log with modrdn and moddn operations -- Ticket 48754 - ldclt should support -H - -* Thu May 19 2016 Jitka Plesnikova - 1.3.5.4-1.1 -- Perl 5.24 re-rebuild of bootstrapped packages - -* Wed May 18 2016 Noriko Hosoi - 1.3.5.4-1 -- Release 1.3.5.4-1 -- Ticket 48836 - replication session fails because of permission denied -- Ticket 47819 - RFE - improve tombstone purging performance -- Ticket 48837 - Replication: total init aborted -- Ticket 48617 - Server ram checks work in isolation -- Ticket 48220 - The "repl-monitor" web page does not display "year" in date. -- Ticket 48829 - Add gssapi sasl replication bind test -- Ticket 48497 - uncomment pytest from CI test -- Ticket 48828 - db2ldif is not taking into account multiple suffixes or backends -- Ticket 48818 - Fix case where return code is always -1 -- Ticket 48826 - 52updateAESplugin.pl may fail on older versions of perl -- Ticket 48825 - Configure make generate invalid makefile - -* Tue May 17 2016 Jitka Plesnikova - 1.3.5.3-1.1 -- Perl 5.24 rebuild - -* Sun May 8 2016 Noriko Hosoi - 1.3.5.3-1 -- Release 1.3.5.3-1 -- Ticket 47536 - Allow usage of OpenLDAP libraries that don't use NSS for crypto -- Ticket 47536 - CI test: added test cases for ticket 47536 -- Ticket 47840 - default instance scripts if undefined. -- Ticket 47888 - Add CI test -- Ticket 47888 - DES to AES password conversion fails if a backend is empty -- Ticket 47951 - Fix startpid from altering dev/null -- Ticket 47968 - Disable journald logs by default -- Ticket 47982 - HR Log timers, regression fix for subsystem logging -- Ticket 48078 - CI test - paged_results - TET part -- Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the status of the directory server instance. -- Ticket 48269 - ns-accountstatus status message improvement -- Ticket 48342 - DNA: deadlock during DNA_EXTEND_EXOP_REQUEST_OID -- Ticket 48342 - DNA Deadlock test cases -- Ticket 48342 - Prevent transaction abort if a transaction has not begun -- Ticket 48350 - Integrate ASAN into our rpm build process -- Ticket 48374 - entry cache locks not released in error conditions -- Ticket 48410 - 389-ds-base - Unable to remove / unregister a DS instance from admin server -- Ticket 48447 - with-initddir should accept no -- Ticket 48450 - Systemd password agent support -- Ticket 48492 - heap corruption at schema replication. -- Ticket 48597 - Deadlock when rebuilding the group of authorized replication managers -- Ticket 48662 - db2index with no attribute args fail. -- Ticket 48710 - auto-dn-suffix unrecognized option -- Ticket 48769 - Fix white space in extendedop.c -- Ticket 48769 - RFE: Be_txn extended operation plugin type -- Ticket 48770 - Improve extended op plugin handling -- Ticket 48775 - If nsSSL3 is on, even if SSL v3 is not really enabled, a confusing message is logged. -- Ticket 48779 - Remove startpidfile check in start-dirsrv -- Ticket 48781 - Vague error message: setup_ol_tls_conn - failed: unable to create new TLS context -- Ticket 48782 - Make sure that when LDAP_OPT_X_TLS_NEWCTX is set, the value is set to zero. -- Ticket 48783 - Fix ns-accountstatus.pl syntax error -- Ticket 48784 - CI test: added test cases for ticket 48784 -- Ticket 48784 - Make the SSL version set to the client library configurable. -- Ticket 48798 - Enable DS to offer weaker DH params in NSS -- Ticket 48799 - objectclass values could be dropped on the consumer -- Ticket 48800 - Cleaning up error buffers -- Ticket 48801 - ASAN errors during tests -- Ticket 48802 - Compilation warnings from clang -- Ticket 48808 - Add test case -- Ticket 48808 - Paged results search returns the blank list of entries -- Ticket 48813 - password history is not updated when an admin resets the password -- Ticket 48815 - ns-accountstatus.sh does handle DN's with single quotes -- Ticket 48818 - In docker, no one can hear your process hang. -- Ticket 48822 - (389-ds-base-1.3.5) Fixing coverity issues. -- Ticket 48824 - Cleanup rpm.mk and 389 specfile - -* Fri Apr 15 2016 David Tardon - 1.3.5.1-3.1 -- rebuild for ICU 57.1 - -* Mon Apr 11 2016 Noriko Hosoi - 1.3.5.1-3 -- Release 1.3.5.1-3 -- Fixed the %%if expression for use_nunc_stans. -- Removed %%if % {use_nunc_stans} from Source3 as well as from nunc_stans_ver. - -* Mon Mar 28 2016 Noriko Hosoi - 1.3.5.1-2 -- Release 1.3.5.1-2 -- Fixed License to GPLv3+ -- Generate a user dirsrv in the package install. - -* Wed Mar 23 2016 Noriko Hosoi - 1.3.5.1-1 -- Release 1.3.5.1-1 -- Ticket 47982 - improve timestamp resolution in logs -- Ticket 48759 - no plugin calls in tombstone purging -- Ticket 48665 - Prevent sefault in ldbm_instance_modify_config_entry -- Ticket 48757 - License tag does not match actual license of code -- Ticket 48746 - Crash when indexing an attribute with a matching rule -- Ticket 48497 - extended search without MR indexed attribute prevents later indexing with that MR -- Ticket 48368 - Resolve the py.test conflicts with the create_test.py issue -- Ticket 48748 - Fix memory_leaks test suite teardown failure -- Ticket 48383 - import tasks with dynamic buffer sizes -- Ticket 48420 - change severity of some messages related to "keep alive" entries -- Ticket 48386 - Clean up dsktune code -- Ticket 48537 - undefined reference to `abstraction_increment' -- Ticket 48747 - dirsrv service fails to start when nsslapd-listenhost is configured - -* Tue Feb 23 2016 Noriko Hosoi - 1.3.5.0-1 -- Release 1.3.5.0 -- nunc-stans - bump version to 0.1.8 -- Ticket 132 - Makefile.am must include header files and template scripts -- Ticket 142 - [RFE] Default password syntax settings don't work with fine-grained policies -- Ticket 548 - RFE: Allow AD password sync to update shadowLastChange -- Ticket 47788 - Only check postop result if its a replication operation -- Ticket 47840 - add configure option to disable instance specific scripts -- Ticket 47968 - [RFE] Send logs to journald -- Ticket 47977 - [RFE] Implement sd_notify mechanism -- Ticket 48016 - search, matching rules and filter error "unsupported type 0xA9" -- Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the status of the directory server instance. -- Ticket 48145 - RFE Add log file for rejected changes -- Ticket 48147 - Unable to enable DS service for auto start -- Ticket 48151 - Improve CleanAllRUV task logging -- Ticket 48218 - cleanAllRUV - modify the existing "force" option to bypass the "replica online" checks -- Ticket 48244 - No validation check for the value for nsslapd-db-locks. -- Ticket 48257 - Fix coverity issues - 08/24/2015 -- Ticket 48263 - allow plugins to detect tombstone operations -- Ticket 48269 - RFE: need an easy way to detect locked accounts locked by inactivity. -- Ticket 48270 - fail to index an attribute with a specific matching rule/48269 -- Ticket 48280 - enable logging of internal ops in the audit log -- Ticket 48285 - The dirsrv user/group should be created in rpm %%pre, and ideally with fixed uid/gid -- Ticket 48289 - 389-ds-base: ldclt-bin killed by SIGSEGV -- Ticket 48290 - No man page entry for - option '-u' of dbgen.pl for adding group entries with uniquemembers -- Ticket 48294 - Linked Attributes plug-in - won't update links after MODRDN operation -- Ticket 48295 - Entry cache is not rolled back -- Linked Attributes plug-in - wrong behaviour when adding valid and broken links -- Ticket 48311 - nunc-stans: Attempt to release connection that is not acquired -- Ticket 48317 - SELinux port labeling retry attempts are excessive -- Ticket 48326 - [RFE] it could be nice to have nsslapd-maxbersize default to bigger than 2Mb -- Ticket 48350 - configure.ac add options for debbuging and security analysis / hardening. -- Ticket 48351 - Fix buffer overflow error when reading url with len 0 -- Ticket 48363 - Support for rfc3673 '+' to return operational attributes -- Ticket 48369 - [RFE] response control for password age should be sent by default by RHDS -- Ticket 48384 - Server startup should warn about values consuming too much ram -- Ticket 48387 - ASAN invalid read in cos_cache.c -- Ticket 48394 - lower password history minimum to 1 -- Ticket 48395 - ASAN - Use after free in uiduniq 7bit.c -- Ticket 48398 - Coverity defect 13352 - Resource leak in auditlog.c -- Ticket 48400 - ldclt - segmentation fault error while binding -- Ticket 48445 - keep alive entries can break replication -- Ticket 48446 - logconv.pl displays negative operation speeds -- Ticket 48566 - acl.c attrFilterArray maybe uninitialised. -- Ticket 48662 - db2index with no attribute args fail. - -* Fri Feb 12 2016 Noriko Hosoi - 1.3.4.8-1 -- Release 1.3.4.8 -- Ticket 48445 - keep alive entries can break replication -- Ticket 47788 - Only check postop result if its a replication operation -- Ticket 48536 - Crash in slapi_get_object_extension -- Ticket 48492 - heap corruption at schema replication. -- Ticket 48448 - dirsrv start-stop fail in certain shell environments. - -* Tue Feb 09 2016 Mark Reynolds - 1.3.4.7-1.2 -- Fix spec file for nunc-stans build problem on Rawhide - -* Wed Feb 03 2016 Fedora Release Engineering - 1.3.4.7-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Mon Jan 25 2016 Noriko Hosoi - 1.3.4.7-1 -- Release 1.3.4.7 -- Bug 1299417 - worker threads do not detect abnormally closed connections (DS 48412) -- Ticket 47788 - Supplier can skip a failing update, although it should retry -- Ticket 48341 - deadlock on connection mutex -- Ticket 48406 - Avoid self deadlock by PR_Lock(conn->c_mutex) -- Revert "Ticket #48338 - SimplePagedResults -- abandon could happen between the abandon check and sending results" - -* Tue Jan 12 2016 Noriko Hosoi - 1.3.4.6-1 -- Release 1.3.4.6 -- Ticket 48388 - db2ldif -r segfaults from time to time -- Ticket 48312 - Crash when doing modrdn on managed entry -- Ticket 48332 - allow users to specify to relax the FQDN constraint -- Ticket 48375 - SimplePagedResults -- in the search error case, simple paged results slot was not released. -- Ticket 48362 - With exhausted range, part of DNA shared configuration is deleted after server restart -- Ticket 48289 - 389-ds-base: ldclt-bin killed by SIGSEGV -- Ticket 48305 - perl module conditional test is not conditional when checking SELinux policies -- Ticket 48370 - The 'eq' index does not get updated properly when deleting and re-adding attributes in the same modify operation -- Ticket 48369 - RFE - Add config setting to always send the password expiring time - -* Wed Nov 18 2015 Noriko Hosoi - 1.3.4.5-1 -- Release 1.3.4.5 -- Ticket 48316 - Perl-5.20.3-328: Use of literal control characters in variable names is deprecated -- Ticket 48348 - Running /usr/sbin/setup-ds.pl fails with Can't locate bigint.pm, plus two warnings -- Ticket 48339 - Share nsslapd-threadnumber in the case nunc-stans is enabled, as well. -- Ticket 48311 - nunc-stans: Attempt to release connection that is not acquired https://fedorahosted.org/389/ticket/48311 -- Ticket 48325 - Add lib389 test script -- Ticket 48344 - acl - regression - trailing ', (comma)' in macro matched value is not removed. -- Ticket 48325 - Replica promotion leaves RUV out of order -- Ticket 48338 - SimplePagedResults -- abandon could happen between the abandon check and sending results -- Ticket 47976 - deadlock in mep delete post op -- Ticket 48311 - nunc-stans: Attempt to release connection that is not acquired -- Ticket 47978 - Deadlock between two MODs on the same entry between entry cache and backend lock -- Ticket 48305 - perl module conditional test is not conditional when checking SELinux policies -- Ticket 47957 - Add replication test suite for a wait async feature -- Ticket 48227 - rpm.mk doesn't build srpms for 389-ds and nunc-stans -- Ticket 48264 - Ticket 47553 tests refactoring -- Ticket 48304 - ns-slapd - LOGINFO:Unable to remove file -- Ticket 48298 - ns-slapd crash during ipa-replica-manage del -- Ticket 48192 - Individual abandoned simple paged results request has no chance to be cleaned up -- Ticket 48299 - pagedresults - when timed out, search results could have been already freed. -- Ticket 48204 - update lib389 test scripts for python 3 -- Ticket 48283 - many attrlist_replace errors in connection with cleanallruv -- Ticket 48266 - do not free repl keep alive entry on error -- Ticket 48284 - free entry when internal add fails -- Ticket 48266 - Online init crashes consumer -- Ticket 48188 - segfault in ns-slapd due to accessing Slapi_DN freed in pre bind plug-in -- Ticket 48217 - cleanallruv - fix regression with server shutdown -- Ticket 48266 - coverity issue -- Ticket 48266 - Fractional replication evaluates several times the same CSN -- Ticket 48279 - Check NULL reference in nssasl_mutex_lock etc. (saslbind.c) -- Ticket 48226 - In MMR, double free coould occur under some special condition -- Ticket 48273 - Update lib389 tests for new valgrind functions -- Ticket 48276 - initialize free_flags in reslimit_update_from_entry() -- Ticket 47553 - Automated the verification procedure -- Ticket 47761 - Added a few testcases to the basic testsuite -- Ticket 48254 - Shell CLI fails with usage errors if an argument containing white spaces is given -- Ticket 47511 - bashisms in 389-ds-base admin scripts -- Ticket 48267 - Add config setting to MO plugin to add objectclass - -* Tue Nov 10 2015 Fedora Release Engineering - 1.3.4.4-1.2 -- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 - -* Wed Oct 28 2015 David Tardon - 1.3.4.4-1.1 -- rebuild for ICU 56.1 - -* Fri Sep 4 2015 Noriko Hosoi - 1.3.4.4-1 -- Release 1.3.4.4 -- Ticket 48255 - total update request can be lost -- Ticket 48263 - allow plugins to detect tombstone operations -- Ticket 48265 - Complex filter in a search request doen't work as expected. (regression) -- Ticket 47981 - COS cache doesn't properly mark vattr cache as invalid when there are multiple suffixes -- Ticket 48204 - Convert all python scripts to support python3 -- Ticket 48258 - dna plugin needs to handle binddn groups for authorization -- Ticket 48252 - db2index creates index entry from deleted records -- Ticket 48228 - wrong password check if passwordInHistory is decreased. -- Ticket 48252 - db2index creates index entry from deleted records -- Ticket 47757 - Unable to dereference unqiemember attribute because it is dn [#UID] not dn syntax -- Ticket 48254 - Shell CLI fails with usage errors if an argument containing white spaces is given -- Ticket 48254 - CLI db2index fails with usage errors -- Ticket 47831 - remove debug logging from retro cl -- Ticket 48243 - replica upgrade failed in starting dirsrv service due to upgrade scripts did not run -- Ticket 48233 - Server crashes in ACL_LasFindFlush during shutdown if ACIs contain IP addresss restrictions -- Ticket 48250 - Slapd crashes reported from latest build -- Ticket 48249 - sync_repl uuid may be invalid -- Ticket 48245 - Man pages and help for remove-ds.pl doesn't display "-a" option -- Ticket 47511 - bashisms in 389-ds-base admin scripts -- Ticket 47686 - removing chaining database links trigger valgrind read errors -- Ticket 47931 - memberOf & retrocl deadlocks -- Ticket 48228 - wrong password check if passwordInHistory is decreased. -- Ticket 48215 - update dbverify usage in main.c -- Ticket 48215 - verify_db.pl doesn't verify DB specified by -a option -- Ticket 47810 - memberOf plugin not properly rejecting updates -- Ticket 48231 - logconv autobind handling regression caused by 47446 -- Ticket 48232 - winsync lastlogon attribute not syncing between DS and AD. - -* Mon Jul 27 2015 Noriko Hosoi - 1.3.4.3-1 -- Release 1.3.4.3 -- Ticket 48204 - Add Python 3 compatibility to ds-logpipe - -* Fri Jul 24 2015 Noriko Hosoi - 1.3.4.2-1 -- Release 1.3.4.2 -- Ticket 48010 - winsync range retrieval gets only 5000 values upon initialization -- Ticket 48206 - Crash during retro changelog trimming -- Ticket 48224 - redux 2 - logconv.pl should handle *.tar.xz, *.txz, *.xz log files -- Ticket 47910 - logconv.pl - check that the end time is greater than the start time -- Ticket 48179 - Starting a replica agreement can lead to deadlock -- Ticket 48226 - CI test: added test cases for ticket 48226 -- Ticket 48226 - In MMR, double free coould occur under some special condition -- Ticket 48224 - redux - logconv.pl should handle *.tar.xz, *.txz, *.xz log files -- Ticket 48203 - Fix coverity issues - 07/14/2015 -- Ticket 48194 - CI test: fixing test cases for ticket 48194 -- Ticket 48224 - logconv.pl should handle *.tar.xz, *.txz, *.xz log files -- Ticket 47910 - logconv.pl - validate start and end time args -- Ticket 48223 - Winsync fails when AD users have multiple spaces (two)inside the value of the rdn attribute -- Ticket 47878 - Remove warning suppression in 1.3.4 -- Ticket 48119 - Silent install needs to properly exit when INF file is missing -- Ticket 48216 - crash in ns-slapd when deleting winSyncSubtreePair from sync agreement -- Ticket 48217 - cleanAllRUV hangs shutdown if not all of the replicas are online -- Ticket 48013 - Inconsistent behaviour of DS when LDAP Sync is used with an invalid cookie -- Ticket 47799 - Any negative LDAP error code number reported as Illegal error by ldclt. -- Ticket 48208 - CleanAllRUV should completely purge changelog -- Ticket 48203 - Fix coverity issues - 07/07/2015 -- Ticket 48119 - setup-ds.pl does not log invalid --file path errors the same way as other errors. -- Ticket 48192 - Individual abandoned simple paged results request has no chance to be cleaned up -- Ticket 48214 - CI test: added test cases for ticket 48213 -- Ticket 48214 - ldapsearch on nsslapd-maxbersize returns 0 instead of current value -- Ticket 48212 - CI test: added test cases for ticket 48212 -- Ticket 48212 - Dynamic nsMatchingRule changes had no effect on the attrinfo thus following reindexing, as well. -- Ticket 48195 - Slow replication when deleting large quantities of multi-valued attributes - -* Fri Jul 24 2015 Tomas Radej - 1.3.4.1-2 -- Updated dep on policycoreutils-python-utils (semanage was moved) - -* Wed Jun 24 2015 Noriko Hosoi - 1.3.4.1-1 -- Release 1.3.4.1 -- Resolves: Bug 1234277 - distro-wide architecture set overriden by buildsystem; Upgrade nunc-stans to 0.1.5. -- Enable nunc-stans just for x86_64. -- Ticket 48203 - Fix coverity issues - 06/22/2015 - -* Fri Jun 19 2015 Noriko Hosoi - 1.3.4.0-1 -- Release 1.3.4.0 (rebase) -- Enable nunc-stans in the build. -- Ticket 47490 - test case failing if 47721 is also fixed -- Ticket 47640 - Linked attributes transaction not aborted when linked entry does not exit -- Ticket 47669 - CI test: added test cases for ticket 47669 -- Ticket 47669 - Retro Changelog Plugin accepts invalid value in nsslapd-changelogmaxage attribute -- Ticket 47723 - winsync sets AccountUserControl in AD to 544 -- Ticket 47787 - Make the test case more robust -- Ticket 47833 - TEST CASE only (modrdn fails if renamed entry member of a group and is out of memberof scope) -- Ticket 47878 - Improve setup-ds update logging -- Ticket 47893 - should use Sys::Hostname instead Net::Domain -- Ticket 47910 - allow logconv.pl -S/-E switches to work even when timestamps not present in access log -- Ticket 47913 - remove-ds.pl should not remove /var/lib/dirsrv -- Ticket 47921 - indirect cos does not reflect changes in the cos attribute -- Ticket 47927 - Uniqueness plugin: should allow to exclude some subtrees from its scope -- Ticket 47953 - testcase for removing invalid aci -- Ticket 47966 - CI test: added test cases for ticket 47966 -- Ticket 47966 - slapd crashes during Dogtag clone reinstallation -- Ticket 47972 - make parsing of nsslapd-changelogmaxage more fault tolerant -- Ticket 47972 - make parsing of nsslapd-changelogmaxage more fool proof -- Ticket 47998 - cleanup WINDOWS ifdef's -- Ticket 47998 - remove remaining obsolete OS code/files -- Ticket 47998 - remove "windows" files -- Ticket 47999 - address several race conditions in tests -- Ticket 47999 - lib389 individual tests not running correctly when run as a whole -- Ticket 48003 - build "suite" framework -- Ticket 48008 - db2bak.pl man page should be improved. -- Ticket 48017 - add script to generate lib389 CI test script -- Ticket 48019 - Remove refs to constants.py and backup/restore from lib389 tests -- Ticket 48023 - replace old replication check with lib389 function -- Ticket 48025 - add an option '-u' to dbgen.pl for adding group entries with uniquemembers -- Ticket 48026 - fix invalid write for friendly attribute names -- Ticket 48026 - Fix memory leak in uniqueness plugin -- Ticket 48026 - Support for uniqueness plugin to enforce uniqueness on a set of attributes. -- Ticket 48032 - change C code license to GPLv3; change C code license to allow openssl -- Ticket 48035 - nunc-stans - Revise shutdown sequence -- Ticket 48036 - ns_set_shutdown should call ns_job_done -- Ticket 48037 - ns_thrpool_new should take a config struct rather than many parameters -- Ticket 48038 - logging should be pluggable -- Ticket 48039 - nunc-stans malloc should be pluggable -- Ticket 48040 - preserve the FD when disabling a listener -- Ticket 48043 - use nunc-stans config initializer -- Ticket 48103 - update DS for new nunc-stans header file -- Ticket 48110 - Free all the nunc-stans signal jobs when shutdown is detected -- Ticket 48111 - "make clean" wipes out original files -- Ticket 48122 - nunc-stans FD leak -- Ticket 48127 - Using RPM, allows non root user to create/remove DS instance -- Ticket 48141 - aci with wildcard and macro not correctly evaluated -- Ticket 48143 - Password is not correctly passed to perl command line tools if it contains shell special characters. -- Ticket 48149 - ns-slapd double free or corruption crash -- Ticket 48154 - abort cleanAllRUV tasks should not certify-all by default -- Ticket 48169 - support NSS 3.18 -- Ticket 48170 - Parse nsIndexType correctly -- Ticket 48175 - Avoid using regex in ACL if possible -- Ticket 48178 - add config param to enable nunc-stans -- Ticket 48191 - CI test: added test cases for ticket 48191 -- Ticket 48191 - RFE: Adding nsslapd-maxsimplepaged-per-conn -- Ticket 48191 - RFE: Adding nsslapd-maxsimplepaged-per-conn Adding nsslapd-maxsimplepaged-per-conn -- Ticket 48194 - CI test: added test cases for ticket 48194 -- Ticket 48197 - error texts from preop plugins not sent to client - -* Wed Jun 17 2015 Noriko Hosoi - 1.3.3.12-1 -- release 1.3.3.12 -- Resolves: Bug 1232896 - CVE-2015-3230 389-ds-base: nsSSL3Ciphers preference not enforced server side - -* Tue Jun 16 2015 Fedora Release Engineering - 1.3.3.11-1.2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Thu Jun 11 2015 Jitka Plesnikova - 1.3.3.11-1.1 -- Perl 5.22 rebuild - -* Wed Jun 10 2015 Noriko Hosoi - 1.3.3.11-1 -- release 1.3.3.11 -- Ticket 48192 - Individual abandoned simple paged results request has no chance to be cleaned up -- Ticket 48190 - idm/ipa 389-ds-base entry cache converges to 500 KB in dblayer_is_cachesize_sane -- Ticket 48183 - bind on db chained to AD returns err=32 -- Ticket 48158 - cleanAllRUV task limit not being enforced correctly -- Ticket 48158 - Remove cleanAllRUV task limit of 4 -- Ticket 48146 - async simple paged results issue; need to close a small window for a pr index competed among multiple threads. -- Ticket 48146 - async simple paged results issue; log pr index -- Ticket 48109 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) -- Ticket 48177 - dynamic plugins should not return an error when modifying a critical plugin -- Ticket 48146 - async simple paged results issue - -* Fri Jun 05 2015 Jitka Plesnikova - 1.3.3.10-1.1 -- Perl 5.22 rebuild - -* Tue Apr 28 2015 Noriko Hosoi - 1.3.3.10-1 -- release 1.3.3.10 -- Resolves: Bug 1216203 - CVE-2015-1854 389ds-base: access control bypass with modrdn - -* Fri Mar 6 2015 Noriko Hosoi - 1.3.3.9-1 -- bump version to 1.3.3.9 -- Bug 1199675 - CVE-2014-8112 CVE-2014-8105 389-ds-base: various flaws [fedora-all] -- Ticket 47801 - RHDS keeps on logging write_changelog_and_ruv: failed to update RUV for unknown -- Ticket 47957 - Make ReplicaWaitForAsyncResults configurable -- Ticket 47431 - CI test: added test cases for ticket 47431 -- Ticket 47431 - Duplicate values for the attribute nsslapd-pluginarg are not handled correctly -- Ticket 47936: Create a global lock to serialize write operations over several backends -- Ticket 48021 - nsDS5ReplicaBindDNGroup checkinterval not working properly -- Ticket 48048 - Fix coverity issues - 2015/3/1 -- Ticket 48109 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) -- Ticket 48109 - CI test: added test cases for ticket 48109 -- Ticket 48109 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) -- Ticket 48048 - Fix coverity issues - 2015/2/24 -- Ticket 48030 - spec file should run "systemctl stop" against each running instance instead of dirsrv.target -- Ticket 47828: DNA scope: allow to exlude some subtrees -- Ticket 47988: test case -- Ticket 47901: After total init, nsds5replicaLastInitStatus can report an erroneous error status (like 'Referral') -- Ticket 48003 - add template scripts -- Ticket 48003 - build "suite" framework -- Ticket 48005 - CI test: added test cases for ticket 48005 -- Ticket 48005 - ns-slapd crash in shutdown phase -- Ticket 47742 - 64bit problem on big endian: auth method not supported -- Ticket 47836 - Do not return '0' as empty fallback value of nsds5replicalastupdatestart and nsds5replicalastupdatestart -- Ticket 47728 - compilation failed with ' incomplete struct/union/enum' if not set USE_POSIX_RWLOCKS -- Ticket 48027 - revise the rootdn plugin configuration validation -- Ticket 47451 - dynamic plugins - fix crash caused by invalid plugin config -- Ticket 48001 - ns-activate.pl fails to activate account if it was disabled on AD - -* Wed Feb 25 2015 Noriko Hosoi - 1.3.3.8-2 -- Fixes spec file to make sure all the server instances are stopped before upgrade -- Ticket 48030 - DNS errors after IPA upgrade due to broken ReplSync - -* Wed Feb 04 2015 Noriko Hosoi - 1.3.3.8-1 -- bump version to 1.3.3.8 -- Ticket 48001 - ns-activate.pl fails to activate account if it was disabled on AD -- Ticket 47963 - memberof skip nested groups breaks the plugin - -* Wed Feb 04 2015 Petr Machata - 1.3.3.7-2.1 -- Bump for rebuild. - -* Wed Jan 28 2015 Noriko Hosoi - 1.3.3.7-2 -- removed USE_64=1 which is not used any more. - -* Wed Jan 28 2015 Noriko Hosoi - 1.3.3.7-1 -- bump version to 1.3.3.7 -- Coverity 12970 - Explicit null dereference -- Ticket 47988 - Schema learning mechanism, in replication, unable to extend an existing definition -- Ticket 47996 - ldclt needs to support SSL Version range -- Ticket 47738 - use PL_strcasestr instead of strcasestr -- Ticket 47462 - Stop using DES in the reversible password encryption plug-in -- Ticket 47807 - SLAPI_REQUESTOR_ISROOT not set for extended operation plugins -- Ticket 47991 - upgrade script fails if /etc and /var are on different file systems -- Ticket 47989 - Windows Sync accidentally cleared raw_entry -- Ticket 47964 - v2 - Incorrect search result after replacing an empty attribute -- Ticket 47934 - nsslapd-db-locks modify not taking into account. -- Ticket 47617 - replication changelog trimming setting validation -- Ticket 47905 - Bad manipulation of passwordhistory -- Ticket 47973 - During schema reload sometimes the search returns no results -- Ticket 47981 - COS cache doesn't properly mark vattr cache as invalid when there are multiple suffixes -- Ticket 47980 - Nested COS definitions can be incorrectly processed -- Ticket 47451 - Dynamic plugins - fixed thread synchronization -- Ticket 47750 - During delete operation do not refresh cache entry if it is a tombstone -- Ticket 47947 - start dirsrv after chrony on RHEL7 and Fedora -- fix jenkins warning -- Ticket 47526 - Additional fix for ticket 47526 v3 -- Ticket 47451 - Add Dynamic Plugin CI Suite -- Ticket 47965 - Fix coverity issues (2014/12/16) -- Ticket 47451 - Fix jenkins errors -- Ticket 47451 - Dynamic Plugin - various fixes -- Ticket 47935 - Error: failed to open an LDAP connection to host 'example.org' port '389' as user 'cn=Directory Manager'. Error: unknown. -- Ticket 47750 - Need to refresh cache entry after called betxn postop plugins -- Ticket 47942 - DS hangs during online total update -- Ticket 47960 - cookie_change_info returns random negative number if there was no change in a tree -- Ticket 47960 - cookie_change_info returns random negative number if there was no change in a tree -- Ticket 47722 - Using the filter file does not work -- Ticket 47636 - Error log levels not displayed correctly -- Ticket 47965 - Fix coverity issues (2014/11/24) -- Ticket 47969 - Fix coverity issue -- Ticket 47949 - logconv.pl -- support parsing/showing/reporting different protocol versions -- Ticket 47525 - Crash if setting invalid plugin config area for MemberOf Plugin -- Ticket 47970 - add lib389 testcase -- Ticket 47970 - Account lockout attributes incorrectly updated after failed SASL Bind -- Ticket 47969 - COS memory leak when rebuilding the cache -- Ticket 47967 - cos_cache_build_definition_list does not stop during server shutdown -- Ticket 47451 - Running a plugin task can crash the server -- Ticket 47963 - skip nested groups breaks memberof fixup task -- Ticket 47963 - RFE - memberOf - add option to skip nested group lookups during delete operations -- Ticket 47810 - RI plugin does not return result code if update fails - -* Mon Jan 26 2015 David Tardon - 1.3.3.6-1.1 -- rebuild for ICU 54.1 - -* Thu Nov 20 2014 Mark Reynolds - 1.3.3.6-1 -- 5d72a2f bump version to 1.3.3.6-1 -- Ticket 47950 - Bind DN tracking unable to write to internalModifiersName without special permissions -- Ticket 47958 - Memory leak in password admin if the admin entry does not exist -- Ticket 47952 - PasswordAdminDN attribute is not properly returned to client -- Ticket 47451 - Need to unregister tasks created by plugins -- Ticket 47928 - Disable SSL v3, by default. -- Ticket 47953 - Should not check aci syntax when deleting an aci -- Ticket 47948 - ldap_sasl_bind fails assertion (ld != NULL) if it is called from chainingdb_bind over SSL/startTLS -- Ticket 47945 - Add SSL/TLS version info to the access log -- Ticket 47939 - Malformed cookie for LDAP Sync makes DS crash -- Ticket 47937 - Crash in entry_add_present_values_wsi_multi_valued -- Ticket 47928 - CI test: added test cases for ticket 47928 -- Ticket 47553 - Enhance ACIs to have more control over MODRDN operations - -* Fri Oct 10 2014 Noriko Hosoi - 1.3.3.5-1 -- Release 1.3.3.5 -- Ticket 47914 - Add FreeIPA Conflicts to 389 spec file -- Ticket 47922 - dynamically added macro aci is not evaluated on the fly -- Ticket 47897 - Need to move slapi_pblock_set(pb, SLAPI_MODRDN_EXISTING_ENTRY, original_entry->ep_entry) prior to original_entry overwritten -- Ticket 47920 - Encoding of SearchResultEntry is missing tag -- Ticket 47912 - Proper handling of "No original_tombstone for changenumber" errors -- Ticket 47899 - Fix slapi_td_plugin_lock_init prototype -- Ticket 47919 - ldbm_back_modify SLAPI_PLUGIN_BE_PRE_MODIFY_FN does not return even if one of the preop plugins fails. -- Ticket 47892 - Fix remaining compiler warnings -- ticket 47916 - plugin logging parameter only triggers result logging -- Ticket 47918 - result of dna_dn_is_shared_config is incorrectly used -- Ticket 47900 - Server fails to start if password admin is set -- Ticket 47892 - coverity defects found in 1.3.3.x - -* Wed Oct 01 2014 Noriko Hosoi - 1.3.3.4-1 -- Release 1.3.3.4 -- Ticket 47880 - CI test: added test cases for ticket 47880 -- Ticket 47880 - provide enabled ciphers as search result -- Ticket 47838 - CI test: adjusted test cases based on the phase 2 fixes for ticket 47838 -- Ticket 47838 - harden the list of ciphers available by default (phase 2) -- Ticket 47900 - Adding an entry with an invalid password as rootDN is incorrectly rejected -- Ticket 47908 - 389-ds 1.3.3.0 does not adjust cipher suite configuration on upgrade, breaks itself and pki-server -- Ticket 47907 - ldclt: assertion failure with -e "add,counteach" -e "object=,rdn=uid:test[A=INCRNNOLOOP(0;24 -- Ticket 47750 - Creating a glue fails if one above level is a conflict or missing - -* Sun Sep 14 2014 Peter Robinson 1.3.3.3-2 -- Use generic 64 bit detection (fixes aarch64/ppc64le) -- PPC/s390 has lm_sensors -- Minor spec cleanups - -* Fri Sep 12 2014 Rich Megginson - 1.3.3.3-1 -- Release 1.3.3.3 -- Ticket #47892 - coverity defects found in 1.3.3.1 - -* Fri Sep 12 2014 Nathan Kinder - 1.3.3.2-1 -- Release 1.3.3.2 -- Ticket 47889 - DS crashed during ipa-server-install on test_ava_filter -- Ticket 47895 - If no effective ciphers are available, disable security setting. -- Ticket 47838 - harden the list of ciphers available by default -- Ticket 47885 - did not always return a response control -- Ticket 47890 - minor memory leaks in utilities -- Ticket 47834 - Tombstone_to_glue: if parents are also converted to glue, the target entry's DN must be adjusted. -- Ticket 47748 - Simultaneous adding a user and binding as the user could fail in the password policy check -- Ticket 47875 - dirsrv not running with old openldap -- Ticket 47885 - deref plugin should not return references with noc access rights - -* Thu Sep 04 2014 Jitka Plesnikova - 1.3.3.0-2 -- Perl 5.20 rebuild - -* Wed Sep 03 2014 Noriko Hosoi - 1.3.3.0-1 -- Release 1.3.3.0 -- Ticket 47879 - coverity defects in plugins/replication/windows_protocol_util.c -- Ticket 47876 - coverity defects in slapd/tools/mmldif.c -- Ticket 47574 - start dirsrv after ntpd -- Ticket 47838 - harden the list of ciphers available by default -- Ticket 47579 - add dbmon.sh -- Ticket 47819 - Fix memory leak -- Ticket 47819 - Improve tombstone purging performance -- Ticket 47714 - [RFE] Update lastLoginTime also in Account Policy plugin if account lockout is based on passwordExpirationTime. -- Ticket 47812 - logconv.pl missing -U option from usage -- Ticket 47664 - Page control does not work if effective rights control is specified -- Ticket 47790 - Integer config attributes accept invalid values at server startup -- Ticket 47710 - Missing warning for invalid replica backoff configuration -- Ticket 47853 - Missing newline at end of the error log messages in memberof -- Ticket 47853 - client hangs in add if memberof fails -- Ticket 47746 - ldap/servers/slapd/back-ldbm/dblayer.c: possible minor problem with sscanf -- Ticket 47711 - improve dbgen rdn generation, output and man page. -- Ticket 47855 - Fix previous commit -- Ticket 47859 - Coverity: 12692 & 12717 -- Ticket 47855 - clear tmp directory at the start of each test -- Ticket 47844 - Fix hyphens used as minus signed and other manpage mistakes -- Ticket 47843 - Fix various typos in manpages & code -- Ticket 47832 - attrcrypt_generate_key calls slapd_pk11_TokenKeyGenWithFlags with improper macro -- Ticket 47852 - Updating winsync one-way sync does not affect the behaviour dynamically -- Ticket 47846 - server crashes deleting a replication agreement -- Ticket 47823 - attribute uniqueness enforced on all subtrees -- Ticket 47654 - Fix regression (deadlock/crash) -- Ticket 47827 - Fix coverity issue 12695 -- Ticket 47829: memberof scope: allow to exclude subtrees -- Ticket 47815 - Add operations rejected by betxn plugins remain in cache -- Ticket 47808 - If be_txn plugin fails in ldbm_back_add, adding entry is double freed -- Ticket 555 - add fixup-memberuid.pl script -- Ticket 47827 - online import crashes server if using verbose error logging -- fix compiler error with alst coverity commit -- fix coverity issue 12621 -- Ticket 47810 - investigate betxn plugins to ensure they return the correct error code -- Ticket 47602 - txn commit being performed too early -- Ticket 47752 - Don't add unhashed password mod if we don't have an unhashed value -- Ticket 47803 - syncrepl crash if attribute list is non-empty -- Ticket 47466 - Fix coverity issue -- Ticket 47644 - Managed Entry Plugin - transaction not aborted upon failure to create managed entry -- Ticket 47791 - Negative value of nsSaslMapPriority is not reset to lowest priority -- Ticket 47805 - syncrepl doesn't send notification when attribute in search filter changes -- Ticket 47636 - errorlog-level 16384 is listed as 0 in cn=config -- Ticket 47451 - Remove old code from linked attr plugin -- Ticket 47756 - fix coverity issues -- Ticket 47761 - Return all attributes in rootdse without explicit request -- fix assertion failure introduced with fix for ticket 47667 -- Ticket 47712 - betxn: retro changelog broken after cancelled transaction -- Ticket 47667 - Allow nsDS5ReplicaBindDN to be a group DN -- Ticket 47655 - Improve replication total update logging -- Ticket 47756 - Improve import logging and abort processing -- Ticket 47451 - add/enable/disable/remove plugins without server restart -- Ticket 47553 - Enhance ACIs to have more control over MODRDN operations -- Ticket 47727 - Updating nsds5ReplicaHost attribute in a replication agreement fails with error 53 -- Ticket 47725 - compiler error on daemon.c -- Ticket 47701 - Make retro changelog trim interval programmable -- Ticket 47453 - configure SASL/GSSAPI/Kerberos without server restart -- Ticket 47701 - Make retro changelog trim interval programmable -- Ticket 47602 - Make ldbm_back_seq independently support transactions -- Ticket 47552 - logconv: unindexed report should list bind dn -- Ticket 47619 - cannot reindex retrochangelog -- Update test cases due to new modules: Schema, tasks, plugins and index -- Ticket 47608 - change slapi_entry_attr_get_bool to handle "on"/"off" values, support default value -- Ticket 47437 - Some attributes in cn=config should not be multivalued -- Ticket 47573 - schema push can be erronously prevented -- Ticket 47618 - Enable normalized DN cache by default -- Ticket 47570 - slapi_ldap_init unusable during independent plugin development -- Ticket 47659 - ldbm_usn_init: Valgrind reports Invalid read / SIGSEGV -- Ticket 47654 - fix double free -- Ticket 47675 - logconv errors when search has invalid bind dn -- Ticket 47657 - add schema test suite and tests for Ticket #47634 -- Ticket 47668 - test: port ticket47490_test to Replica/Agreement interface (47600) -- Ticket 47654 - Cleanup old memory leaks reported from valgrind -- Ticket 47651 - Finaliser to remove instances backups -- Ticket 47603 - should not modify pre op entry during config validation -- Ticket 47628 - port testcases to new DirSrv interface -- Ticket 47525 - Don't modify preop entry in memberOf config -- Ticket 605 - support TLS 1.1 - Fixing "Coverity 12415 - Logically dead code" -- Ticket 605 - support TLS 1.1 - lower the log level for the supported NSS version range -- Ticket 47368 - fix memory leaks -- Ticket 605 - support TLS 1.1 - adding backward compatibility -- Ticket 605 - support TLS 1.1 -- Ticket 47603 - Allow RI plugin to use alternate config area -- Ticket 47586 - Need to rebind after a stop (fix to run direct python script) -- Ticket 47525 - Need to add locking around config area access -- Ticket 47457 - default nsslapd-sasl-max-buffer-size should be 2MB -- Ticket 47525 - Fix memory leak -- Ticket 381 - Recognize compressed log files -- Ticket 47525 - Allow memberOf to use an alternate config area -- Ticket 47529 - Automember plug-in should treat MODRDN operations as ADD operations -- Ticket 47521 - Complex filter in a search request doen't work as expected. -- Ticket 47582 - agmt_count in Replica could become (PRUint64)-1 -- Ticket 47368 - Fix coverity issues -- Ticket 47555 - db2bak.pl issue when specifying non-default directory -- Ticket 47368 - Fix Jenkins errors -- Ticket 47368 - IPA server dirsrv RUV entry data excluded from replication -- Ticket 538 - - hardcoded sasl2 plugin path in ldaputil.c, saslbind.c -- Ticket 47519 - memory leaks in access control -- Ticket 47398 - memberOf on a user is converted to lowercase -- Coverity Issue 12033 -- Ticket 47530 - dbscan on entryrdn should show all matching values -- Ticket 47422 - With 1.3.04 and subtree-renaming OFF, when a user is deleted after restarting the server, the same entry can't be added -- bump autoconf to 2.69, automake to 1.13.4, libtool to 2.4.2 -- Ticket 47436 - 389-ds-base - shebang with /usr/bin/env -- Ticket 47499 - if nsslapd-cachememsize set to the number larger than the RAM available, should result in proper error message. -- Ticket 47530 - dbscan on entryrdn should show all matching values -- Ticket 47535 - update man page -- Ticket 53 - Need to update supported locales Cleaning up typos and format. -- Ticket 47535 - Logconv.pl - RFE - add on option for a minimum etime for unindexed search stats -- Ticket 47491 - Update systemd service file to use PartOf directive - -* Wed Sep 03 2014 Jitka Plesnikova - 1.3.2.23-1.1 -- Perl 5.20 rebuild - -* Wed Aug 27 2014 Noriko Hosoi - 1.3.2.23-1 -- Release 1.3.2.23 -- Ticket 47871 - 389-ds-base-1.3.2.21-1.fc20 crashed over the weekend -- Ticket 47866 - Errors after upgrading related to attribute "dnaremotebindmethod" -- Ticket 47816 - v2- internal syncrepl searches are flagged as unindexed -- Ticket 47877 - check_and_add_entry fails for changetype: add and existing entry -- Ticket 47834 - Tombstone_to_glue: if parents are also converted to glue, the target entry's DN must be adjusted. -- Ticket 47875 - dirsrv not running with old openldap -- Revert "Ticket #47875 - dirsrv not running with old openldap" -- Ticket 47875 - dirsrv not running with old openldap -- Ticket 47446 - logconv.pl memory continually grows -- Ticket 47874 - Performance degradation with scope ONE after some load -- Ticket 47872 - Filter AND with only one clause should be optimized -- Ticket 47834 - Tombstone_to_glue: if parents are also converted to glue, the target entry's DN must be adjusted. -- Ticket 47862 - repl-monitor fails to convert "*" to default values -- Ticket 47824 - paged results control is not working in some cases when we have a subsuffix. -- Ticket 47862 - Repl-monitor.pl ignores the provided connection parameters -- Ticket 346 - Fixing memory leaks -- Ticket 47753 - Add switch to disable pre-hashed password checking -- Ticket 47861 - Certain schema files are not replaced during upgrade -- Ticket 47858 - Internal searches using OP_FLAG_REVERSE_CANDIDATE_ORDER can crash the server -- Ticket 47797 - fix the indentation -- Ticket 47797 - DB deadlock when two threads (on separated backend) try to record changes in retroCL -- Ticket 47692 - single valued attribute replicated ADD does not work -- Ticket 47781 - Server deadlock if online import started while server is under load - -* Wed Aug 27 2014 Jitka Plesnikova - 1.3.2.22-1.3 -- Perl 5.20 rebuild - -* Tue Aug 26 2014 David Tardon - 1.3.2.22-1.2 -- rebuild for ICU 53.1 - -* Fri Aug 15 2014 Fedora Release Engineering - 1.3.2.22-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Tue Aug 12 2014 Noriko Hosoi - 1.3.2.22-1 -- Release 1.3.2.21 -- Resolves: #1127833 - Ticket 47869 - unauthenticated information disclosure (Bug 1123477) - 389-ds-base-1.3.2.22 = 389-ds-base-1.3.2.19 + Bug 1127833 fix. - -* Thu Aug 07 2014 Noriko Hosoi - 1.3.2.21-1 -- Release 1.3.2.21 -- Resolves: #1127833 - Ticket 47869 - unauthenticated information disclosure (Bug 1123477) -- Ticket 47834 - Tombstone_to_glue: if parents are also converted to glue, the target entry's DN must be adjusted. -- Ticket 47862 - repl-monitor fails to convert "*" to default values -- Ticket 47824 - paged results control is not working in some cases when we have a subsuffix. -- Ticket 47862 - Repl-monitor.pl ignores the provided connection parameters -- Ticket 346 - Fixing memory leaks - -* Tue Jul 22 2014 Noriko Hosoi - 1.3.2.20-1 -- Release 1.3.2.20 -- Ticket 47753 - Add switch to disable pre-hashed password checking -- Ticket 47861 - Certain schema files are not replaced during upgrade -- Ticket 47858 - Internal searches using OP_FLAG_REVERSE_CANDIDATE_ORDER can crash the server -- Ticket 47797 - DB deadlock when two threads (on separated backend) try to record changes in retroCL -- Ticket 47834 - Tombstone_to_glue: if parents are also converted to glue, the target entry's DN must be adjusted. -- Ticket 47692 - single valued attribute replicated ADD does not work -- Ticket 47781 - Server deadlock if online import started while server is under load - -* Thu Jul 03 2014 Noriko Hosoi - 1.3.2.19-1 -- Release 1.3.2.19 -- Ticket 47779 - Potential deadlock after startup if a dna configuration change is made -- Ticket 47839 - 389-ds production segfault: __memcpy_sse2_unaligned... - -* Tue Jul 01 2014 Noriko Hosoi - 1.3.2.18-1 -- Release 1.3.2.18 -- Ticket 47750 - Creating a glue fails if one above level is a conflict or missing -- Ticket 47763 - winsync plugin modify is broken -- Ticket 47821 - deref plugin cannot handle complex acis -- Ticket 47831 - server restart wipes out index config if there is a default index -- Ticket 47817 - The error result text message should be obtained just prior to sending result -- Ticket 47815 - Add operations rejected by betxn plugins remain in cache -- Ticket 47809 - find a way to remove replication plugin errors messages "changelog iteration code returned a dummy entry with csn %%s, skipping ..." -- Ticket 47704 - invalid sizelimits in aci group evaluation -- Ticket 47813 - remove "goto bail" from previous commit -- Ticket 47813 - managed entry plugin fails to update member pointer on modrdn operation -- Ticket 47808 - If be_txn plugin fails in ldbm_back_add, adding entry is double freed. -- Ticket 47770 - #481 breaks possibility to reassemble memberuid list - -* Fri Jun 06 2014 Fedora Release Engineering - 1.3.2.17-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Thu May 29 2014 Noriko Hosoi - 1.3.2.17-1 -- Release 1.3.2.17 -- Ticket 47446 - logconv.pl memory continually grows -- Ticket 47713 - Logconv.pl with an empty access log gives lots of errors -- Ticket 47806 - Failed deletion of aci: no such attribute -- bump version -- Ticket 47720 - Normalization from old DN format to New DN format doesnt handel condition properly when there is space in a suffix after the seperator operator. -- Ticket 47670 - Aci warnings in error log -- Ticket 47721 - Schema Replication Issue (follow up) -- Ticket 47721 - Schema Replication Issue (follow up + cleanup) -- Ticket 47721 - Schema Replication Issue -- Ticket 47676 - (cont.) Replication of the schema fails 'master branch' -> 1.2.11 or 1.3.1 -- Ticket 47676 - Replication of the schema fails 'master branch' -> 1.2.11 or 1.3.1 -- Ticket 47541 - Fix Jenkins errors -- Ticket 47541 - Replication of the schema may overwrite consumer 'attributetypes' even if consumer definition is a superset -- Ticket 47804 - db2bak.pl error with changelogdb -- Ticket 47780 - Some VLV search request causes memory leaks -- Ticket 47787 - A replicated MOD fails (Unwilling to perform) if it targets a tombstone -- Ticket 47764 - Problem with deletion while replicated -- Ticket 47750 - Creating a glue fails if one above level is a conflict or missing; Ticket 47696 - Large Searches Hang - Possibly entryrdn related -- Ticket 47772 - fix coverity issue -- Ticket 47793 - Server crashes if uniqueMember is invalid syntax and memberOf plugin is enabled. -- Ticket 47792 - database plugins need a way to call betxn plugins -- Ticket 47707 - 389 DS Server crashes and dies while handles paged searches from clients -- Ticket 47792 - code cleanup -- Ticket 47779 - Need to lock server list when removing list -- Ticket 47771 - Move parentsdn initialization to avoid crash -- Ticket 47779 - Part of DNA shared configuration is deleted after server restart -- Ticket 346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values -- Ticket 47782 - Parent numbordinate count can be incorrectly updated if an error occurs -- Ticket 47772 - empty modify returns LDAP_INVALID_DN_SYNTAX -- Ticket 47774 - mem leak in do_search - rawbase not freed upon certain errors -- Ticket 47773 - mem leak in do_bind when there is an error -- Ticket 47771 - Performing deletes during tombstone purging results in operation errors -- Ticket 47767 - Nested tombstones become orphaned after purge -- Ticket 47766 - Tombstone purging can crash the server if the backend is stopped/disabled -- Ticket 47759 - Crash in replication when server is under write load -- Ticket 47740 - Fix coverity issues(part 7) -- Ticket 47748 - Simultaneous adding a user and binding as the user could fail in the password policy check -- Ticket 47743 - Memory leak with proxy auth control -- Ticket 47740 - Crash caused by changes to certmap.c -- Ticket 47733 - ds logs many "Operation error fetching Null DN" messages -- Ticket 47740 - Fix coverity issues: null deferences - Part 6 -- Ticket 47732 - ds logs many "SLAPI_PLUGIN_BE_TXN_POST_DELETE_FN plugin returned error" messages -- Ticket 47740 - Coverity issue in 1.3.3 -- Ticket 47735 - e_uniqueid fails to set if an entry is a conflict entry -- Ticket 47740 - Fix coverity issues - Part 5 -- Ticket 47740 - Fix coverity erorrs - Part 4 -- Ticket 47640 - Fix coverity issues - part 3 -- Ticket 47740 - Fix sync plugin resource leaks -- Ticket 47538 - RFE: repl-monitor.pl plain text output, cmdline config options -- Ticket 47740 - Coverity Fixes (Mark - part 1) -- Ticket 47734 - Change made in resolving ticket #346 fails on Debian SPARC64 -- Ticket 47722 - Fixed filter not correctly identified -- Ticket 47722 - rsearch filter error on any search filter - -* Fri Mar 14 2014 Noriko Hosoi - 1.3.2.16-1 -- Release 1.3.2.16 (This release is 1.3.2.13 + Ticket 47739) -- Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind - -* Thu Mar 13 2014 Noriko Hosoi - 1.3.2.15-1 -- Bump version to 1.3.2.15 -- Ticket 47735 - e_uniqueid fails to set if an entry is a conflict entry -- Ticket 47740 - Coverity issue in 1.3.3 -- Ticket 47740 - Fix coverity issues - Part 5 -- Ticket 47740 - Fix coverity erorrs - Part 4 -- Ticket 47640 - Fix coverity issues - part 3 -- Ticket 47740 - Fix sync plugin resource leaks -- Ticket 47538 - RFE: repl-monitor.pl plain text output, cmdline config options -- Ticket 47740 - Coverity Fixes (Mark - part 1) -- Ticket 47734 - Change made in resolving ticket #346 fails on Debian SPARC64 -- Ticket 47722 - Fixed filter not correctly identified -- Ticket 47722 - rsearch filter error on any search filter - -* Mon Mar 10 2014 Noriko Hosoi - 1.3.2.14-1 -- Bump version to 1.3.2.14 -- Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind -- Ticket 47737 - Under heavy stress, failure of turning a tombstone into glue makes the server hung -- Ticket 47735 - e_uniqueid fails to set if an entry is a conflict entry -- Ticket 47729 - Directory Server crashes if shutdown during a replication initialization -- Ticket 47637 - rsa_null_sha should not be enabled by default - -* Fri Feb 28 2014 Noriko Hosoi - 1.3.2.13-1 -- Bump version to 1.3.2.13 -- The previous version 1.3.2.12 missed to increment the version in VERSION.sh - -* Fri Feb 28 2014 Noriko Hosoi - 1.3.2.12-1 -- Bump version to 1.3.2.12 -- Ticket 408 - create a normalized dn cache -- Ticket 571 - Empty control list causes LDAP protocol error is thrown (dup 47361) -- Ticket 408 - create a normalized dn cache -- Ticket 47699 - Propagate plugin precedence to all registered function types -- Ticket 525 - Replication retry time attributes cannot be added -- Ticket 47709 - package issue in 389-ds-base -- Ticket 47700 - Unresolved external symbol references break loading of the ACL plugin -- Ticket 47642 - Windows Sync group issues -- Ticket 525 - Replication retry time attributes cannot be added -- Ticket 47692 - single valued attribute replicated ADD does not work -- Ticket 47615 - Failed to compile the DS 389 1.3.2.3 version against Berkeley DB 4.2 version -- Ticket 47677 - Size returned by slapi_entry_size is not accurate -- Ticket 47693 - Environment variables are not passed when DS is started via service - -* Thu Feb 20 2014 Noriko Hosoi - 1.3.2.11-3 -- Added arch aware python dir; moved libns-dshttpd.so* to devel and libs package. - -* Fri Feb 14 2014 Parag Nemade - 1.3.2.11-2 -- Rebuild for icu 52 - -* Wed Feb 5 2014 Noriko Hosoi - 1.3.2.11-1 -- Bump version to 1.3.2.11 -- Ticket 47653 - Need a way to allow users to create entries assigned to themselves. -- Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used -- Ticket 47374 - flush.pl is not included in perl5 -- Ticket 47649 - Server hangs in cos_cache when adding a user entry -- Ticket 443 - Deleting attribute present in nsslapd-allowed-to-delete-attrs returns Operations error -- Ticket 47638 - Overflow in nsslapd-disk-monitoring-threshold on 32bit platform -- Ticket 47641 - 7-bit check plugin not checking MODRDN operation -- Ticket 342 - better error message when cache overflows -- Ticket 47516 - replication stops with excessive clock skew -- Ticket 47620 - Unable to delete protocol timeout attribute -- Ticket 408 - Fix crash when disabling/enabling the setting -- Ticket 47629 - random crashes related to sync repl -- Ticket 47571 - targetattr ACIs ignore subtype -- Ticket 47660 - config_set_allowed_to_delete_attrs: Valgrind reports Invalid read -- Revert "Ticket 47653 - Need a way to allow users to create entries assigned to themselves" - -* Wed Jan 8 2014 Noriko Hosoi - 1.3.2.10-1 -- Bump version to 1.3.2.10 -- Ticket 447 - Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs -- Ticket 47653 - Need a way to allow users to create entries assigned to themselves -- Ticket 47647 - remove bogus definition in 60rfc3712.ldif -- Ticket 47634 - support AttributeTypeDescription USAGE userApplications distributedOperation dSAOperation -- Ticket 47645 - reset stack, op fields to NULL - clean up stacks at shutdown - free unused plugin config entries - -* Tue Dec 17 2013 Noriko Hosoi - 1.3.2.9-1 -- Bump version to 1.3.2.9 -- Ticket 47621 - v2 make referential integrity configuration more flexible -- Ticket 47620 - Fix missing left bracket -- Ticket 47620 - Fix dereferenced NULL pointer in agmtlist_modify_callback() -- Ticket 47606 - replica init/bulk import errors should be more verbose -- Ticket 47631 - objectclass may, must lists skip rest of objectclass once first is found in sup -- Ticket 47627 - Fix replication logging -- Ticket 47620 - Fix logically dead code. -- Ticket 47313 - Indexed search with filter containing '&' and "!" with attribute subtypes gives wrong result -- Ticket 47620 - Config value validation improvement -- Ticket 47620 - Fix cherry-pick error for 1.3.2 and 1.3.1 -- Ticket 47613 - Issues setting allowed mechanisms -- Ticket 47617 - allow configuring changelog trim interval -- Ticket 47601 - Plugin library path validation prevents intentional loading of out-of-tree modules -- Ticket 47627 - changelog iteration should ignore cleaned rids when getting the minCSN -- Ticket 47623 - fix memleak caused by 47347 -- Ticket 47622 - Automember betxnpreoperation - transaction not aborted when group entry does not exist -- Ticket 47623 - fix memleak caused by 47347 -- Ticket 47620 - 389-ds rejects nsds5ReplicaProtocolTimeout attribute - -* Fri Dec 6 2013 Noriko Hosoi - 1.3.2.8-1 -- Bump version to 1.3.2.8 -- Ticket 47612 - ns-slapd eats all the memory -- Ticket 47527 - Allow referential integrity suffixes to be configurable -- Ticket 47526 - Allow memberof suffixes to be configurable -- Ticket 342 - better error message when cache overflows (phase 2) -- Ticket 47587 - hard coded limit of 64 masters in agreement and changelog code -- Ticket 47611 - Add script to build patched RPMs -- Ticket 47614 - Possible to specify invalid SASL mechanism in nsslapd-allowed-sasl-mechanisms -- Ticket 47613 - Impossible to configure nsslapd-allowed-sasl-mechanisms -- Ticket 47592 - automember plugin task memory leaks -- Ticket 47591 - entries with empty objectclass attribute value can be hidden -- Ticket 47596 - attrcrypt fails to find unlocked key - -* Mon Nov 25 2013 Mark Reynolds - 1.3.2.7-1 -- 924ead4 Bump version to 1.3.2.7 -- Ticket 47593 - Update plugin API for OTP plugin -- Ticket 47599 - fix memory leak in ldbm_back_seq() - -* Fri Nov 22 2013 Rich Megginson - 1.3.2.6-1 -- Ticket 47599 - Reduce lock scope in retro changelog plug-in -- previous fix missing defition of retrocl_cn_lock - -* Thu Nov 21 2013 Rich Megginson - 1.3.2.5-1 -- Ticket #47605 CVE-2013-4485: DoS due to improper handling of ger attr searches - -* Wed Nov 20 2013 Mark Reynolds - 1.3.2.4-1 -6cdca01 bump version to 1.3.2.4 -Ticket 47599 - Reduce lock scope in retro changelog plug-in -Ticket 47596 - attrcrypt fails to find unlocked key -Ticket 47598 - Convert ldbm_back_seq code to be transaction aware -Ticket 47597 - Convert retro changelog plug-in to betxn -Ticket 47585 - Replication Failures related to skipped entries due to cleaned rids -Ticket 47588 - Compiler warnings building on F19 -Ticket 47581 - Winsync plugin segfault during incremental backoff (phase 2) -Ticket 47581 - Winsync plugin segfault during incremental backoff -Ticket 47577 - crash when removing entries from cache -6b16d30 Revert "Ticket #47559 hung server - related to sasl and initialize" - -* Mon Oct 28 2013 Noriko Hosoi - 1.3.2.3-1 -- release 1.3.2.3 -- Ticket 47515 - Fedora 20: setup-ds-admin.pl -- Ticket 47569 - Fix build warnings -- Ticket 47569 - ACIs do not allow attribute subtypes in targetattr keyword -- Ticket 47565 - Content Sync update file needs extensibleObject -- Ticket 47560 - fixup memberof task does not work: task entry not added -- Ticket 47559 - hung server - related to sasl and initialize - -* Fri Oct 11 2013 Noriko Hosoi - 1.3.2.2-1 -- release 1.3.2.2 -- Ticket 47517 - memory leak in range searches and other various leaks -- ticket 47550 - wip (cherry picked from commit 82377636267787be5182457d619d5a0b662d2658) -- Ticket 47550 - logconv: failed logins: Use of uninitialized value in numeric comparison at logconv.pl line 949 - -* Thu Oct 10 2013 Noriko Hosoi - 1.3.2.1-1 -- release 1.3.2.1 -- Ticket 47513 - tmpfiles.d references /var/lock when they should reference /run/lock -- Ticket 47551 - logconv: -V does not produce unindexed search report -- Ticket 47490 - Schema replication between DS versions may overwrite newer base schema - -* Fri Oct 4 2013 Noriko Hosoi - 1.3.2.0-1 -- release 1.3.2.0 -- Ticket 48 - Active Directory has certain uids which are reserved and will cause a Directory Server replica initialization of an AD server to abort. -- Ticket 53 - Need to update supported locales -- Ticket 54 - locale "nl" not supported by collation plugin -- Ticket 77 - [RFE] Add ACI support for ldapi -- Ticket 123 - Enhancement request: "whoami" extended operation -- Ticket 153 - Schema file parsing overly picky? -- Ticket 182 - Pwd retry counters replication not enabled by default, and enabling it could lead to undesired results -- Ticket 197 - rhds82 rfe - BDB backend - clear free page files to reduce changelog size -- Ticket 205 - rhds81 rfe - snmp counters index strings for multiple network interfaces with ip addr and tcp port pairs -- Ticket 208 - [RFE] Roles with explicit scoping in RHDS -- Ticket 283 - Expose slapi_eq_* API -- Ticket 314 - ChainOnUpdate: "cn=directory manager" can modify userRoot on consumer without changes being chained or replicated. Directory integrity compromised. -- Ticket 411 - [RFE] mods optimizer -- Ticket 415 - winsync doesn't sync DN valued attributes if DS DN value doesn't exist -- Ticket 428 - posix winsync should support ADD user/group entries from DS to AD -- Ticket 460 - support multiple subtrees and filters -- Ticket 512 - improve performance of vattr code -- Ticket 513 - recycle operation pblocks -- Ticket 514 - investigate connection locking -- Ticket 521 - modrdn + NSMMReplicationPlugin - Consumer failed to replay change -- Ticket 564 - Is ldbm_txn_ruv_modify_context still required ? -- Ticket 568 - using transaction batchval violates durability -- Ticket 569 - examine replication code to reduce amount of stored state information -- Ticket 586 - selinux errors with /usr/sbin/setup-ds-admin.pl -- Ticket 589 - [RFE] Support RFC 4527 Read Entry Controls -- Ticket 601 - multi master replication allows schema violation -- Ticket 602 - replication inconsistency if attribute is modified several times in one operaion -- Ticket 607 - Replication issue: Entry can diverge betwen servers -- Ticket 609 - nsDS5BeginReplicaRefresh attribute accepts any value and it doesn't throw any error when server restarts. -- Ticket 615 - High contention on cos cache lock -- Ticket 617 - Possible to add invalid ACI value -- Ticket 626 - Possible to add nonexistent target to ACI -- Ticket 630 - The backend name provided to bak2db is not validated -- Ticket 47306 - execute index_add_mods only for indexed attributes -- Ticket 47310 - Attribute "dsOnlyMemberUid" not allowed when syncing nested posix groups from AD with posixWinsync -- Ticket 47313 - Indexed search with filter containing '&' and "!" with attribute subtypes gives wrong result -- Ticket 47314 - Winsync should support range retrieval -- Ticket 47316 - Search against 'view' is always reported as unindexed -- Ticket 47317 - should set LDAP_OPT_X_SASL_NOCANON to LDAP_OPT_ON by default -- Ticket 47319 - make connection buffer size adjustable -- Ticket 47320 - put conn on work_q not poll list if conn has buffered more_data -- Ticket 47323 - resurrected entry is not correctly indexed -- Ticket 47326 - idl switch does not work -- Ticket 47329 - Improve slapi_back_transaction_begin() return code when transactions are not available -- Ticket 47331 - Self entry access ACI not working properly -- Ticket 47337 - mep_pre_op: Unable to fetch origin entry -- Ticket 47340 - Deleting a separator ',' in 7-bit check plugin arguments makes the server fail to start with segfault -- Ticket 47350 - Allow search to look up 'in memory RUV' -- Ticket 47354 - Indexed search are logged with 'notes=U' in the access logs -- Ticket 47358 - backend performance - introduce optimization levels -- Ticket 47360 - Delete attribute could crash the server -- Ticket 47363 - 7-bit checking is not necessary for userPassword -- Ticket 47370 - DS crashes with some 7-bit check plugin configurations -- Ticket 47371 - Some updates of "passwordgraceusertime" are useless when updating "userpassword" -- Ticket 47372 - make old-idl tunable -- Ticket 47381 - nsslapd-db-transaction-batch-val turns to -1 -- Ticket 47382 - Add a warning message when a connection hits the max number of threads -- Ticket 47384 - Plugin library path validation -- Ticket 47387 - improve logconv.pl performance with large access logs -- Ticket 47388 - [RFE] Support 'Content Synchronization Operation' (SyncRepl) - RFC 4533 -- Ticket 47389 - Non-directory manager can change the individual userPassword's storage scheme -- Ticket 47394 - remove-ds.pl should remove /var/lock/dirsrv -- Ticket 47400 - MMR stress test with dna enabled causes a deadlock -- Ticket 47411 - Replace substring search with plain search in referint plugin -- Ticket 47416 - IPA replica's - "SASL encrypted packet length exceeds maximum allowed limit" -- Ticket 47423 - 7-bit check plugin does not work for userpassword attribute -- Ticket 47425 - should only call windows_update_done if repl agmt type is windows -- Ticket 47426 - move compute_idletimeout out of handle_pr_read_ready -- Ticket 47433 - With SeLinux, ports can be labelled per range. setup-ds.pl or setup-ds-admin.pl fail to detect already ranged labelled ports -- Ticket 47463 - IDL-style can become mismatched during partial restoration -- Ticket 47487 - enhance retro changelog -- Ticket 47502 - updates to ruv entry are written to retro changelog -- Ticket 47504 - idlistscanlimit per index/type/value -- Ticket 47505 - get rid of valueset_add_valuearray_ext -- Ticket 47520 - Fix various issues with logconv.pl -- Ticket 47522 - Password administrators should be able to violate password policy -- Ticket 47531 - 1.3.2 with mozldap - need to redo sasl_io_recv -- Ticket 47532 - 1.3.2 with mozldap - crashes in new operation work_q -- Ticket 47539 - Disabling DNA plug-in throws error 53 -- Ticket 47543 - mozldap - fix compiler warnings - -* Mon Sep 30 2013 Rich Megginson - 1.3.1.11-1 -- Ticket 47513 - Set localrundir outside of the "with-fhs" block -- Ticket 47513 - Refine the check for @localrundir@ -- Ticket 47510 - remove unnecessary typedef -- Ticket 47510 - Repl Sync does not compile against MozLDAP libraries - -* Fri Sep 27 2013 Rich Megginson - 1.3.1.10-1 -- Ticket #47534 - RUV tombstone search with scope "one" doesn`t work -- Ticket 47510 - 389-ds-base does not compile against MozLDAP libraries -- Ticket #47523 - Set up replcation/agreement before initializing the sub suffix, the sub suffix is not found by ldapsearch -- Ticket 47528 - 389-ds-base built with mozldap can crash from invalid free -- Ticket #47504 idlistscanlimit per index/type/value -- Ticket 47513 - tmpfiles.d references /var/lock when they should reference /run/lock -- Ticket #47492 - PassSync removes User must change password flag on the Windows side -- Ticket 47509 - CLEANALLRUV doesnt run across all replicas -- Ticket #47516 replication stops with excessive clock skew -- 6829200 Coverity fix - 11952 - for Ticket 47512 -- Ticket 47512 - backend txn plugin fixup tasks should be done in a txn - -* Fri Sep 13 2013 Noriko Hosoi - 1.3.1.9-1 -- release 1.3.1.9 -- Ticket 449 - Allow macro aci keywords to be case-insensitive -- Ticket 47489 - Under specific values of nsDS5ReplicaName, replication may get broken or updates missing -- Ticket 47507 - automember rebuild task not working as expected - -* Fri Sep 6 2013 Rich Megginson - 1.3.1.8-1 -- Ticket #47455 - valgrind - value mem leaks, uninit mem usage -- fix breakage in slapi-nis introduced with the previous fix -- Ticket 47500 - start-dirsrv/restart-dirsrv/stop-disrv do not register with systemd correctly - -* Wed Aug 28 2013 Noriko Hosoi - 1.3.1.7-1 -- bump version to 1.3.1.7 -- Bug 1002215 - CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN -- Ticket 47488 - Users from AD sub OU does not sync to IPA -- Ticket 47461 - logconv.pl - Use of comma-less variable list is deprecated -- Ticket 47473 - setup-ds.pl doesn't lookup the "root" group correctly - -* Sat Aug 03 2013 Petr Pisar - 1.3.1.6-1.1 -- Perl 5.18 rebuild - -* Thu Aug 01 2013 Noriko Hosoi - 1.3.1.6-1 -- bump version to 1.3.1.6 -- Ticket 47455 - valgrind - value mem leaks, uninit mem usage -- fix coverity 11915 - dead code - introduced with fix for ticket 346 -- fix coverity 11895 - null deref - caused by fix to ticket 47392 -- fix compiler warning in posix winsync code for posix_group_del_memberuid_callback -- Fix compiler warnings for Ticket 47395 and 47397 -- fix compiler warning (cherry picked from commit 904416f4631d842a105851b4a9931ae17822a107) -- Ticket 47450 - Fix compiler formatting warning errors for 32/64 bit arch -- fix compiler warnings -- Fix compiler warning (cherry picked from commit ec6ebc0b0f085a82041d993ab2450a3922ef5502) - -* Wed Jul 31 2013 Noriko Hosoi - 1.3.1.5-1 -- bump version to 1.3.1.5 -- Ticket 47456 - delete present values should append values to deleted values -- Ticket 47455 - valgrind - value mem leaks, uninit mem usage -- Ticket 47448 - Segfault in 389-ds-base-1.3.1.4-1.fc19 when setting up FreeIPA replication -- Ticket 47440 - Fix runtime errors caused by last patch. -- Ticket 47440 - Fix compilation warnings and header files -- Ticket 47405 - CVE-2013-2219 ACLs inoperative in some search scenarios -- Ticket 47447 - logconv.pl man page missing -m,-M,-B,-D -- Ticket 47378 - fix recent compiler warnings -- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold -- Ticket 47449 - deadlock after adding and deleting entries -- Ticket 47441 - Disk Monitoring not checking filesystem with logs -- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold - -* Fri Jul 19 2013 Noriko Hosoi - 1.3.1.4-1 -- bump version to 1.3.1.4 -- Ticket 47435 - Very large entryusn values after enabling the USN plugin and the lastusn value is negative. -- Ticket 47424 - Replication problem with add-delete requests on single-valued attributes -- Ticket 47367 - (phase 2) ldapdelete returns non-leaf entry error while trying to remove a leaf entry -- Ticket 47367 - (phase 1) ldapdelete returns non-leaf entry error while trying to remove a leaf entry -- Ticket 47421 - memory leaks in set_krb5_creds -- Ticket 346 - version 4 Slow ldapmodify operation time for large quantities of multi-valued attribute values -- Ticket 47369 version2 - provide default syntax plugin -- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold -- Ticket 47399 - RHDS denies MODRDN access if ACI list contains any DENY rule -- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold -- Ticket 47428 - Memory leak in 389-ds-base 1.2.11.15 -- Ticket 47392 - ldbm errors when adding/modifying/deleting entries -- Ticket 47385 - Disk Monitoring is not triggered as expected. -- Ticket 47410 - changelog db deadlocks with DNA and replication - -* Wed Jul 17 2013 Petr Pisar - 1.3.1.3-1.1 -- Perl 5.18 rebuild - -* Wed Jul 03 2013 Noriko Hosoi - 1.3.1.3-1 -- bump version to 1.3.1.3 -- Ticket 47374 - flush.pl is not included in perl5 -- Ticket 47391 - deleting and adding userpassword fails to update the password (additional fix) -- Ticket 47393 - Attribute are not encrypted on a consumer after a full initialization -- Ticket 47395 47397 - v2 correct behaviour of account policy if only stateattr is configured or no alternate attr is configured -- Ticket 47396 - crash on modrdn of tombstone -- Ticket 47400 - MMR stress test with dna enabled causes a deadlock -- Ticket 47409 - allow setting db deadlock rejection policy -- Ticket 47419 - Unhashed userpassword can accidentally get removed from mods -- Ticket 47420 - An upgrade script 80upgradednformat.pl fails to handle a server instance name incuding '-' - -* Sat Jun 15 2013 Noriko Hosoi - 1.3.1.2-1 -- bump version to 1.3.1.2 -- Ticket 47391 - deleting and adding userpassword fails to update the password -- Coverity Fixes (Part 7) - -* Fri Jun 14 2013 Noriko Hosoi - 1.3.1.1-1 -- bump version to 1.3.1.1 -- Ticket 402 - nhashed#user#password in entry extension -- Ticket 511 - Revision - allow turning off vattr lookup in search entry return -- Ticket 580 - Wrong error code return when using EXTERNAL SASL and no client certificate -- Ticket 47327 - error syncing group if group member user is not synced -- Ticket 47355 - dse.ldif doesn't replicate update to nsslapd-sasl-mapping-fallback -- Ticket 47359 - new ldap connections can block ldaps and ldapi connections -- Ticket 47362 - ipa upgrade selinuxusermap data not replicating -- Ticket 47375 - flush_ber error sending back start_tls response will deadlock -- Ticket 47376 - DESC should not be empty as per RFC 2252 (ldapv3) -- Ticket 47377 - make listen backlog size configurable -- Ticket 47378 - fix recent compiler warnings -- Ticket 47383 - connections attribute in cn=snmp,cn=monitor is counted twice -- Ticket 47385 - DS not shutting down when disk monitoring threshold is reached -- Coverity Fixes (part 1) -- Coverity Fixes (Part 2) -- Coverity Fixes (Part 3) -- Coverity Fixes (Part 4) -- Coverity Fixes (Part 5) - -* Thu May 02 2013 Noriko Hosoi - 1.3.1.0-1 -- bump version to 1.3.1.0 -- Ticket 332 - Command line perl scripts should attempt most secure connection type first -- Ticket 342 - better error message when cache overflows -- Ticket 417 - RFE - forcing passwordmustchange attribute by non-cn=directory manager -- Ticket 419 - logconv.pl - improve memory management -- Ticket 422 - 389-ds-base - Can't call method "getText" -- Ticket 433 - multiple bugs in start-dirsrv, stop-dirsrv, restart-dirsrv scripts -- Ticket 458 - RFE - Make it possible for privileges to be provided to an admin user to import an LDIF file containing hashed passwords -- Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used -- Ticket 487 - Possible to add invalid attribute values to PAM PTA plugin configuration -- Ticket 502 - setup-ds.pl script should wait if "semanage.trans.LOCK" presen -- Ticket 505 - use lock-free access name2asi and oid2asi tables (additional) -- Ticket 508 - lock-free access to FrontendConfig structure -- Ticket 511 - allow turning off vattr lookup in search entry return -- Ticket 525 - Introducing a user visible configuration variable for controlling replication retry time -- Ticket 528 - RFE - get rid of instance specific scripts -- Ticket 529 - dn normalization must handle multiple space characters in attributes -- Ticket 532 - RUV is not getting updated for both Master and consumer -- Ticket 533 - only scan for attributes to decrypt if there are encrypted attrs configured -- Ticket 534 - RFE: Add SASL mappings fallback -- Ticket 537 - Improvement of range search -- Ticket 539 - logconv.pl should handle microsecond timing -- Ticket 543 - Sorting with attributes in ldapsearch gives incorrect result -- Ticket 545 - Segfault during initial LDIF import: str2entry_dupcheck() -- Ticket 547 - Incorrect assumption in ndn cache -- Ticket 550 - posix winsync will not create memberuid values if group entry become posix group in the same sync interval -- Ticket 551 - Multivalued rootdn-days-allowed in RootDN Access Control plugin always results in access control violation -- Ticket 552 - Adding rootdn-open-time without rootdn-close-time to RootDN Acess Control results in inconsistent configuration -- Ticket 558 - Replication - make timeout for protocol shutdown configurable -- Ticket 561 - disable writing unhashed#user#password to changelog -- Ticket 563 - DSCreate.pm: Error messages cannot be used in the if expression since they could be localized. -- Ticket 565 - turbo mode and replication - allow disable of turbo mode -- Ticket 571 - server does not accept 0 length LDAP Control sequence -- Ticket 574 - problems with dbcachesize disk space calculation -- Ticket 583 - dirsrv fails to start on reboot due to /var/run/dirsrv permissions -- Ticket 585 - Behaviours of "db2ldif -a " and "db2ldif.pl -a " are inconsistent -- Ticket 587 - Replication error messages in the DS error logs -- Ticket 588 - Create MAN pages for command line scripts -- Ticket 600 - Server should return unavailableCriticalExtension when processing a badly formed critical control -- Ticket 603 - A logic error in str2simple -- Ticket 604 - Required attribute not checked during search operation -- Ticket 608 - Posix Winsync plugin throws "posix_winsync_end_update_cb: failed to add task entry" error message -- Ticket 611 - logconv.pl missing stats for StartTLS, LDAPI, and AUTOBIND -- Ticket 612 - improve dbgen rdn generation, output -- Ticket 613 - ldclt: add timestamp, interval, nozeropad, other improvements -- Ticket 616 - High contention on computed attribute lock -- Ticket 618 - Crash at shutdown while stopping replica agreements -- Ticket 620 - Better logging of error messages for 389-ds-base -- Ticket 621 - modify operations without values need to be written to the changelog -- Ticket 622 - DS logging errors "libdb: BDB0171 seek: 2147483648: (262144 * 8192) + 0: No such file or directory -- Ticket 631 - Replication: "Incremental update started" status message without consumer initialized -- Ticket 633 - allow nsslapd-nagle to be disabled, and also tcp cork -- Ticket 47299 - allow cmdline scripts to work with non-root user -- Ticket 47302 - get rid of sbindir start/stop/restart slapd scripts -- Ticket 47303 - start/stop/restart dirsrv scripts should report and error if no instances -- Ticket 47304 - reinitialization of a master with a disabled agreement hangs -- Ticket 47311 - segfault in db2ldif(trigger by a cleanallruv task) -- Ticket 47312 - replace PR_GetFileInfo with PR_GetFileInfo64 -- Ticket 47315 - filter option in fixup-memberof requires more clarification -- Ticket 47325 - Crash at shutdown on a replica aggrement -- Ticket 47330 - changelog db extension / upgrade is obsolete -- Ticket 47336 - logconv.pl -m not working for all stats -- Ticket 47341 - logconv.pl -m time calculation is wrong -- Ticket 47343 - 389-ds-base: Does not support aarch64 in f19 and rawhide -- Ticket 47347 - Simple paged results should support async search -- Ticket 47348 - add etimes to per second/minute stats -- Ticket 47349 - DS instance crashes under a high load - -* Thu Mar 28 2013 Noriko Hosoi - 1.3.0.5-1 -- bump version to 1.3.0.5 -- Ticket 47308 - unintended information exposure when anonymous access is set to rootdse -- Ticket 628 - crash in aci evaluation -- Ticket 627 - ns-slapd crashes sporadically with segmentation fault in libslapd.so -- Ticket 634 - Deadlock in DNA plug-in Ticket #576 - DNA: use event queue for config update only at the start up -- Ticket 632 - 389-ds-base cannot handle Kerberos tickets with PAC -- Ticket 623 - cleanAllRUV task fails to cleanup config upon completion - -* Mon Mar 11 2013 Mark Reynolds - 1.3.0.4-1 -- e53d691 bump version to 1.3.0.4 -- Bug 912964 - CVE-2013-0312 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data -- Ticket 570 - DS returns error 20 when replacing values of a multi-valued attribute (only when replication is enabled) -- Ticket 490 - Slow role performance when using a lot of roles -- Ticket 590 - ns-slapd segfaults while trying to delete a tombstone entry - -* Wed Feb 13 2013 Noriko Hosoi - 1.3.0.3-1 -- bump version to 1.3.0.3 -- Ticket #584 - Existence of an entry is not checked when its password is to be deleted -- Ticket 562 - Crash when deleting suffix - -* Fri Feb 01 2013 Parag Nemade - 1.3.0.2-2 -- Rebuild for icu 50 - -* Wed Jan 16 2013 Noriko Hosoi - 1.3.0.2-1 -- bump version to 1.3.0.2 -- Ticket #542 - Cannot dynamically set nsslapd-maxbersize - -* Wed Jan 16 2013 Noriko Hosoi - 1.3.0.1-1 -- bump version to 1.3.0.1 -- Ticket 556 - Don't overwrite certmap.conf during upgrade - -* Tue Jan 08 2013 Noriko Hosoi - 1.3.0.0-1 -- bump version to 1.3.0.0 - -* Tue Jan 08 2013 Noriko Hosoi - 1.3.0-0.3.rc3 -- bump version to 1.3.0.rc3 -- Ticket 549 - DNA plugin no longer reports additional info when range is depleted -- Ticket 541 - need to set plugin as off in ldif template -- Ticket 541 - RootDN Access Control plugin is missing after upgrade - -* Fri Dec 14 2012 Noriko Hosoi - 1.3.0-0.2.rc2 -- bump version to 1.3.0.rc2 -- Trac Ticket #497 - Escaped character cannot be used in the substring search filter -- Ticket 509 - lock-free access to be->be_suffixlock -- Trac Ticket #522 - betxn: upgrade is not implemented yet - -* Tue Dec 11 2012 Noriko Hosoi - 1.3.0-0.1.rc1 -- bump version to 1.3.0.rc1 -- Ticket #322 - Create DOAP description for the 389 Directory Server project -- Trac Ticket #499 - Handling URP results is not corrrect -- Ticket 509 - lock-free access to be->be_suffixlock -- Ticket 456 - improve entry cache sizing -- Trac Ticket #531 - loading an entry from the database should use str2entry_f -- Trac Ticket #536 - Clean up compiler warnings for 1.3 -- Trac Ticket #531 - loading an entry from the database should use str2entry_fast -- Ticket 509 - lock-free access to be->be_suffixlock -- Ticket 527 - ns-slapd segfaults if it cannot rename the logs -- Ticket 395 - RFE: 389-ds shouldn't advertise in the rootDSE that we can handle a sasl mech if we really can't -- Ticket 216 - disable replication agreements -- Ticket 518 - dse.ldif is 0 length after server kill or machine kill -- Ticket 393 - Change in winSyncInterval does not take immediate effect -- Ticket 20 - Allow automember to work on entries that have already been added -- Coverity Fixes -- Ticket 349 - nsViewFilter syntax issue in 389DS 1.2.5 -- Ticket 337 - improve CLEANRUV functionality -- Fix for ticket 504 -- Ticket 394 - modify-delete userpassword -- minor fixes for bdb 4.2/4.3 and mozldap -- Trac Ticket #276 - Multiple threads simultaneously working on connection's private buffer causes ns-slapd to abort -- Fix for ticket 465: cn=monitor showing stats for other db instances -- Ticket 507 - use mutex for FrontendConfig lock instead of rwlock -- Fix for ticket 510 Avoid creating an attribute just to determine the syntax for a type, look up the syntax directly by type -- Coverity defect: Resource leak 13110 -- Ticket 517 - crash in DNA if no dnaMagicRegen is specified -- Trac Ticket #520 - RedHat Directory Server crashes (segfaults) when moving ldap entry -- Trac Ticket #519 - Search with a complex filter including range search is slow -- Trac Ticket #500 - Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error -- Trac Ticket #311 - IP lookup failing with multiple DNS entries -- Trac Ticket #447 - Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs -- Trac Ticket #443 - Deleting attribute present in nsslapd-allowed-to-delete-attrs returns Operations error -- Ticket #503 - Improve AD version in winsync log message -- Trac Ticket #190 - Un-resolvable server in replication agreement produces unclear error message -- Coverity fixes -- Trac Ticket #391 - Slapd crashes when deleting backends while operations are still in progress -- Trac Ticket #448 - Possible to set invalid macros in Macro ACIs -- Trac Ticket #498 - Cannot abaondon simple paged result search -- Coverity defects -- Trac Ticket #494 - slapd entered to infinite loop during new index addition -- Fixing compiler warnings in the posix-winsync plugin -- Coverity defects -- Ticket 147 - Internal Password Policy usage very inefficient -- Ticket 495 - internalModifiersname not updated by DNA plugin -- Revert "Ticket 495 - internalModifiersname not updated by DNA plugin" -- Ticket 495 - internalModifiersname not updated by DNA plugin -- Ticket 468 - if pam_passthru is enabled, need to AC_CHECK_HEADERS([security/pam_appl.h]) -- Ticket 486 - nsslapd-enablePlugin should not be multivalued -- Ticket 488 - Doc: DS error log messages with typo -- Trac Ticket #451 - Allow db2ldif to be quiet -- Ticket #491 - multimaster_extop_cleanruv returns wrong error codes -- Ticket #481 - expand nested posix groups -- Trac Ticket #455 - Insufficient rights to unhashed#user#password when user deletes his password -- Ticket #446 - anonymous limits are being applied to directory manager - -* Tue Oct 9 2012 Mark Reynolds - 1.3.0.a1-1 -- Ticket #28 - MOD operations with chained delete/add get back error 53 on backend config -- Ticket #173 - ds-logpipe.py script's man page and script help should be updated for -t option. -- Ticket #196 - RFE: Interpret IPV6 addresses for ACIs, replication, and chaining -- Ticket #218 - RFE - Make RIP working with Replicated Entries -- Ticket #328 - make sure all internal search filters are properly escaped -- Ticket #329 - 389-admin build fails on F-18 with new apache -- Ticket #344 - deadlock in replica_write_ruv -- Ticket #351 - use betxn plugins by default -- Ticket #352 - make cos, roles, views betxn aware -- Ticket #356 - logconv.pl - RFE - track bind info -- Ticket #365 - Audit log - clear text password in user changes -- Ticket #370 - Opening merge qualifier CoS entry using RHDS console changes the entry. -- Ticket #372 - Setting nsslapd-listenhost or nsslapd-securelistenhost breaks ACI processing -- Ticket #386 - Overconsumption of memory with large cachememsize and heavy use of ldapmodify -- Ticket #402 - unhashedTicket #userTicket #password in entry extension -- Ticket #408 - Create a normalized dn cache -- Ticket #453 - db2index with -tattrname:type,type fails -- Ticket #461 - fix build problem with mozldap c sdk -- Ticket #462 - add test for include file mntent.h -- Ticket #463 - different parameters of getmntent in Solaris - -* Tue Sep 25 2012 Rich Megginson - 1.2.11.15-1 -- Trac Ticket #470 - 389 prevents from adding a posixaccount with userpassword after schema reload -- Ticket 477 - CLEANALLRUV if there are only winsync agmts task will hang -- Ticket 457 - dirsrv init script returns 0 even when few or all instances fail to start -- Ticket 473 - change VERSION.sh to have console version be major.minor -- Ticket 475 - Root DN Access Control - improve value checking for config -- Trac Ticket #466 - entry_apply_mod - ADD: Failed to set unhashed#user#password to extension -- Ticket 474 - Root DN Access Control - days allowed not working correctly -- Ticket 467 - CLEANALLRUV abort task should be able to ignore down replicas -- 0b79915 fix compiler warnings in ticket 374 code -- Ticket 452 - automember rebuild task adds users to groups that do not match the configuration scope - -* Fri Sep 7 2012 Rich Megginson - 1.2.11.14-1 -- Ticket 450 - CLEANALLRUV task gets stuck on winsync replication agreement -- Ticket 386 - large memory growth with ldapmodify(heap fragmentation) -- this patch doesn't fix the bug - it allows us to experiment with -- different values of mxfast -- Ticket #374 - consumer can go into total update mode for no reason - -* Tue Sep 4 2012 Rich Megginson - 1.2.11.13-1 -- Ticket #426 - support posix schema for user and group sync -- 1) plugin config ldif must contain pluginid, etc. during upgrade or it -- will fail due to schema errors -- 2) posix winsync should have a lower precedence (25) than the default (50) -- so that it will be run first -- 3) posix winsync should support the Winsync API v3 - the v2 functions are -- just stubs for now - but the precedence cb is active - -* Thu Aug 30 2012 Rich Megginson - 1.2.11.12-1 -- 8e5087a Coverity defects - 13089: Dereference after null check ldbm_back_delete -- Trac Ticket #437 - variable dn should not be used in ldbm_back_delete -- ba1f5b2 fix coverity resource leak in windows_plugin_add -- e3e81db Simplify program flow: change while loops to for -- a0d5dc0 Fix logic errors: del_mod should be latched (might not be last mod), and avoid skipping add-mods (int value 0) -- 0808f7e Simplify program flow: make adduids/moduids/deluids action blocks all similar -- 77eb760 Simplify program flow: eliminate unnecessary continue -- c9e9db7 Memory leaks: unmatched slapi_attr_get_valueset and slapi_value_new -- a4ca0cc Change "return"s in modGroupMembership to "break"s to avoid leaking -- d49035c Factorize into new isPosixGroup function -- 3b61c03 coverity - posix winsync mem leaks, null check, deadcode, null ref, use after free -- 33ce2a9 fix mem leaks with parent dn log message, setting winsync windows domain -- Ticket #440 - periodic dirsync timed event causes server to loop repeatedly -- Ticket #355 - winsync should not delete entry that appears to be out of scope -- Ticket 436 - nsds5ReplicaEnabled can be set with any invalid values. -- 487932d coverity - mbo dead code - winsync leaks, deadcode, null check, test code -- 2734a71 CLEANALLRUV coverity fixes -- Ticket #426 - support posix schema for user and group sync -- Ticket #430 - server to server ssl client auth broken with latest openldap - -* Mon Aug 20 2012 Mark Reynolds - 1.2.11.11-1 -6c0778f bumped version to 1.2.11.11 -Ticket 429 - added nsslapd-readonly to DS schema -Ticket 403 - fix CLEANALLRUV regression from last commit -Trac Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values - -* Wed Aug 15 2012 Mark Reynolds - 1.2.11.10-1 -db6b354 bumped version to 1.2.11.10 -Ticket 403 - CLEANALLRUV revisions - -* Tue Aug 7 2012 Mark Reynolds - 1.2.11.9-1 -ea05e69 Bumped version to 1.2.11.9 -Ticket 407 - dna memory leak - fix crash from prev fix - -* Fri Aug 3 2012 Mark Reynolds - 1.2.11.8-1 -ddcf669 bump version to 1.2.11.8 for offical release -Ticket #425 - support multiple winsync plugins -Ticket 403 - cleanallruv coverity fixes -Ticket 407 - memory leak in dna plugin -Ticket 403 - CLEANALLRUV feature -Ticket 413 - "Server is unwilling to perform" when running ldapmodify on nsds5ReplicaStripAttrs -3168f04 Coverity defects -5ff0a02 COVERITY FIXES -Ticket #388 - Improve replication agreement status messages -0760116 Update the slapi-plugin documentation on new slapi functions, and added a slapi function for checking on shutdowns -Ticket #369 - restore of replica ldif file on second master after deleting two records shows only 1 deletion -Ticket #409 - Report during startup if nsslapd-cachememsize is too small -Ticket #412 - memberof performance enhancement -12813: Uninitialized pointer read string_values2keys -Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values -Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values -Ticket #410 - Referential integrity plug-in does not work when update interval is not zero -Ticket #406 - Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled -Ticket #405 - referint modrdn not working if case is different -Ticket 399 - slapi_ldap_bind() doesn't check bind results - -* Wed Jul 18 2012 Fedora Release Engineering - 1.2.11.7-2.2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Thu Jun 28 2012 Petr Pisar - 1.2.11.7-2.1 -- Perl 5.16 rebuild - -* Wed Jun 27 2012 Rich Megginson - 1.2.11.7-2 -- Ticket 378 - unhashed#user#password visible after changing password -- fix func declaration from previous patch -- Ticket 366 - Change DS to purge ticket from krb cache in case of authentication error - -* Wed Jun 27 2012 Rich Megginson - 1.2.11.7-1 -- Trac Ticket 396 - Account Usability Control Not Working - -* Thu Jun 21 2012 Rich Megginson - 1.2.11.6-1 -- Ticket #378 - audit log does not log unhashed password: enabled, by default. -- Ticket #378 - unhashed#user#password visible after changing password -- Ticket #365 - passwords in clear text in the audit log - -* Tue Jun 19 2012 Rich Megginson - 1.2.11.5-2 -- workaround for https://bugzilla.redhat.com/show_bug.cgi?id=833529 - -* Mon Jun 18 2012 Rich Megginson - 1.2.11.5-1 -- Ticket #387 - managed entry sometimes doesn't delete the managed entry -- 5903815 improve txn test index handling -- Ticket #360 - ldapmodify returns Operations error - fix delete caching -- bcfa9e3 Coverity Fix for CLEANALLRUV -- Trac Ticket #335 - transaction retries need to be cache aware -- Ticket #389 - ADD operations not in audit log -- 44cdc84 fix coverity issues with uninit vals, no return checking -- Ticket 368 - Make the cleanAllRUV task one step -- Ticket #110 - RFE limiting root DN by host, IP, time of day, day of week - -* Mon Jun 11 2012 Petr Pisar - 1.2.11.4-1.1 -- Perl 5.16 rebuild - -* Tue May 22 2012 Rich Megginson - 1.2.11.4-1 -- Ticket #360 - ldapmodify returns Operations error -- Ticket #321 - krbExtraData is being null modified and replicated on each ssh login -- Trac Ticket #359 - Database RUV could mismatch the one in changelog under the stress -- Ticket #361: Bad DNs in ACIs can segfault ns-slapd -- Trac Ticket #338 - letters in object's cn get converted to lowercase when renaming object -- Ticket #337 - Improve CLEANRUV task - -* Sat May 5 2012 Rich Megginson - 1.2.11.3-1 -- Ticket #358 - managed entry doesn't delete linked entry - -* Fri May 4 2012 Rich Megginson - 1.2.11.2-1 -- Ticket #351 - use betxn plugins by default -- revert - make no plugins betxn by default - too great a risk -- for deadlocks until we can test this better -- Ticket #348 - crash in ldap_initialize with multiple threads -- fixes PR_Init problem in ldclt - -* Wed May 2 2012 Rich Megginson - 1.2.11.1-1 -- f227f11 Suppress alert on unavailable port with forced setup -- Ticket #353 - coverity 12625-12629 - leaks, dead code, unchecked return -- Ticket #351 - use betxn plugins by default -- Trac Ticket #345 - db deadlock return should not log error -- Ticket #348 - crash in ldap_initialize with multiple threads -- Ticket #214 - Adding Replication agreement should complain if required nsds5ReplicaCredentials not supplied -- Ticket #207 - [RFE] enable attribute that tracks when a password was last set -- Ticket #216 - RFE - Disable replication agreements -- Ticket #337 - RFE - Improve CLEANRUV functionality -- Ticket #326 - MemberOf plugin should work on all backends -- Trac Ticket #19 - Convert entryUSN plugin to transaction aware type -- Ticket #347 - IPA dirsvr seg-fault during system longevity test -- Trac Ticket #310 - Avoid calling escape_string() for logged DNs -- Trac Ticket #338 - letters in object's cn get converted to lowercase when renaming object -- Ticket #183 - passwordMaxFailure should lockout password one sooner -- Trac Ticket #335 - transaction retries need to be cache aware -- Ticket #336 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) -- Ticket #325 - logconv.pl : use of getopts to parse command line options -- Ticket #336 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) -- 554e29d Coverity Fixes -- Trac Ticket #46 - (additional 2) setup-ds-admin.pl does not like ipv6 only hostnames -- Ticket #183 - passwordMaxFailure should lockout password one sooner - and should be configurable to avoid regressions -- Ticket #315 - small fix to libglobs -- Ticket #315 - ns-slapd exits/crashes if /var fills up -- Ticket #20 - Allow automember to work on entries that have already been added -- Trac Ticket #45 - Fine Grained Password policy: if passwordHistory is on, deleting the password fails. - -* Fri Mar 30 2012 Rich Megginson - 1.2.11-0.1.a1 -- 453eb97 schema def must have DESC '' - close paren must be preceded by space -- Trac Ticket #46 - (additional) setup-ds-admin.pl does not like ipv6 only hostnames -- Ticket #331 - transaction errors with db 4.3 and db 4.2 -- Ticket #261 - Add Solaris i386 -- Ticket #316 and Ticket #70 - add post add/mod and AD add callback hooks -- Ticket #324 - Sync with group attribute containing () fails -- Ticket #319 - ldap-agent crashes on start with signal SIGSEGV -- 77cacd9 coverity 12606 Logically dead code -- Trac Ticket #303 - make DNA range requests work with transactions -- Ticket #320 - allow most plugins to be betxn plugins -- Ticket #24 - Add nsTLS1 to the DS schema -- Ticket #271 - Slow shutdown when you have 100+ replication agreements -- TIcket #285 - compilation fixes for '--format-security' -- Ticket 211 - Avoid preop range requests non-DNA operations -- Ticket #271 - replication code cleanup -- Ticket 317 - RHDS fractional replication with excluded password policy attributes leads to wrong error messages. -- Ticket #308 - Automembership plugin fails if data and config area mixed in the plugin configuration -- Ticket #292 - logconv.pl reporting unindexed search with different search base than shown in access logs -- 6f8680a coverity 12563 Read from pointer after free (fix 2) -- e6a9b22 coverity 12563 Read from pointer after free -- 245d494 Config changes fail because of unknown attribute "internalModifiersname" -- Ticket #191 - Implement SO_KEEPALIVE in network calls -- Ticket #289 - allow betxn plugin config changes -- 93adf5f destroy the entry cache and dn cache in the dse post op delete callback -- e2532d8 init txn thread private data for all database modes -- Ticket #291 - cannot use & in a sasl map search filter -- 6bf6e79 Schema Reload crash fix -- 60b2d12 Fixing compiler warnings -- Trac Ticket #260 - 389 DS does not support multiple paging controls on a single connection -- Ticket #302 - use thread local storage for internalModifiersName & internalCreatorsName -- fdcc256 Minor bug fix introcuded by commit 69c9f3bf7dd9fe2cadd5eae0ab72ce218b78820e -- Ticket #306 - void function cannot return value -- ticket 181 - Allow PAM passthru plug-in to have multiple config entries -- ticket 211 - Use of uninitialized variables in ldbm_back_modify() -- Ticket #74 - Add schema for DNA plugin (RFE) -- Ticket #301 - implement transaction support using thread local storage -- Ticket #211 - dnaNextValue gets incremented even if the user addition fails -- 144af59 coverity uninit var and resource leak -- Trac Ticket #34 - remove-ds.pl does not remove everything -- Trac Ticket #169 - allow 389 to use db5 -- bc78101 fix compiler warning in acct policy plugin -- Trac Ticket #84 - 389 Directory Server Unnecessary Checkpoints -- Trac Ticket #27 - SASL/PLAIN binds do not work -- Ticket #129 - Should only update modifyTimestamp/modifiersName on MODIFYops -- Ticket #17 - new replication optimizations - -* Tue Mar 27 2012 Noriko Hosoi - 1.2.10.4-4 -- Ticket #46 - (revised) setup-ds-admin.pl does not like ipv6 only hostnames -- Ticket #66 - 389-ds-base spec file does not have a BuildRequires on gcc-c++ - -* Fri Mar 23 2012 Noriko Hosoi - 1.2.10.4-3 -- Ticket #46 - setup-ds-admin.pl does not like ipv6 only hostnames - -* Wed Mar 21 2012 Rich Megginson - 1.2.10.4-2 -- get rid of posttrans - move update code to post - -* Tue Mar 13 2012 Rich Megginson - 1.2.10.4-1 -- Ticket #305 - Certain CMP operations hang or cause ns-slapd to crash - -* Mon Mar 5 2012 Rich Megginson - 1.2.10.3-1 -- b05139b memleak in normalize_mods2bvals -- c0eea24 memleak in mep_parse_config_entry -- 90bc9eb handle null smods -- Ticket #305 - Certain CMP operations hang or cause ns-slapd to crash -- Ticket #306 - void function cannot return value -- ticket 304 - Fix kernel version checking in dsktune - -* Thu Feb 23 2012 Rich Megginson - 1.2.10.2-1 -- Trac Ticket #298 - crash when replicating orphaned tombstone entry -- Ticket #281 - TLS not working with latest openldap -- Trac Ticket #290 - server hangs during shutdown if betxn pre/post op fails -- Trac Ticket #26 - Please support setting defaultNamingContext in the rootdse - -* Tue Feb 14 2012 Noriko Hosoi - 1.2.10.1-2 -- Ticket #124 - add Provides: ldif2ldbm to rpm - -* Tue Feb 14 2012 Rich Megginson - 1.2.10.1-1 -- Ticket #294 - 389 DS Segfaults during replica install in FreeIPA - -* Mon Feb 13 2012 Rich Megginson - 1.2.10.0-1 -- Ticket 284 - Remove unnecessary SNMP MIB files -- Ticket 51 - memory leaks in 389-ds-base-1.2.8.2-1.el5? -- Ticket 175 - logconv.pl improvements - -* Fri Feb 10 2012 Noriko Hosoi - 1.2.10-0.10.rc1.2 -- Introducing use_db4 macro to support db5 (libdb). - -* Fri Feb 10 2012 Petr Pisar - 1.2.10-0.10.rc1.1 -- Rebuild against PCRE 8.30 - -* Thu Feb 2 2012 Rich Megginson - 1.2.10-0.10.rc1 -- ad9dd30 coverity 12488 Resource leak In attr_index_config(): Leak of memory or pointers to system resources -- Ticket #281 - TLS not working with latest openldap -- Ticket #280 - extensible binary filters do not work -- Ticket #279 - filter normalization does not use matching rules -- Trac Ticket #275 - Invalid read reported by valgrind -- Ticket #277 - cannot set repl referrals or state -- Ticket #278 - Schema replication update failed: Invalid syntax -- Ticket #39 - Account Policy Plugin does not work for simple binds when PAM Pass Through Auth plugin is enabled -- Ticket #13 - slapd process exits when put the database on read only mode while updates are coming to the server -- Ticket #87 - Manpages fixes -- c493fb4 fix a couple of minor coverity issues -- Ticket #55 - Limit of 1024 characters for nsMatchingRule -- Trac Ticket #274 - Reindexing entryrdn fails if ancestors are also tombstoned -- Ticket #6 - protocol error from proxied auth operation -- Ticket #38 - nisDomain schema is incorrect -- Ticket #273 - ruv tombstone searches don't work after reindex entryrdn -- Ticket #29 - Samba3-schema is missing sambaTrustedDomainPassword -- Ticket #22 - RFE: Support sendmail LDAP routing schema -- Ticket #161 - Review and address latest Coverity issues -- Ticket #140 - incorrect memset parameters -- Trac Ticket 35 - Log not clear enough on schema errors -- Trac Ticket 139 - eliminate the use of char *dn in favor of Slapi_DN *dn -- Trac Ticket #52 - FQDN set to nsslapd-listenhost makes the server start fail if IPv4-mapped-IPv6 address is given - -* Tue Jan 24 2012 Rich Megginson - 1.2.10-0.9.a8 -- Ticket #272 - add tombstonenumsubordinates to schema - -* Mon Jan 23 2012 Rich Megginson - 1.2.10-0.8.a7 -- fixes for systemd - remove .pid files after shutting down servers -- Ticket #263 - add systemd include directive -- Ticket #264 - upgrade needs better check for "server is running" - -* Fri Jan 20 2012 Rich Megginson - 1.2.10-0.7.a7 -- Ticket #262 - pid file not removed with systemd -- Ticket #50 - server should not call a plugin after the plugin close function is called -- Ticket #18 - Data inconsitency during replication -- Ticket #49 - better handling for server shutdown while long running tasks are active -- Ticket #15 - Get rid of rwlock.h/rwlock.c and just use slapi_rwlock instead -- Ticket #257 - repl-monitor doesn't work if leftmost hostnames are the same -- Ticket #12 - 389 DS DNA Plugin / Replication failing on GSSAPI -- 6aaeb77 add a hack to disable sasl hostname canonicalization -- Ticket 168 - minssf should not apply to rootdse -- Ticket #177 - logconv.pl doesn't detect restarts -- Ticket #159 - Managed Entry Plugin runs against managed entries upon any update without validating -- Ticket 75 - Unconfigure plugin opperations are being called. -- Ticket 26 - Please support setting defaultNamingContext in the rootdse. -- Ticket #71 - unable to delete managed entry config -- Ticket #167 - Mixing transaction and non-transaction plugins can cause deadlock -- Ticket #256 - debug build assertion in ACL_EvalDestroy() -- Ticket #4 - bak2db gets stuck in infinite loop -- Ticket #162 - Infinite loop / spin inside strcmpi_fast, acl_read_access_allowed_on_attr, server DoS -- Ticket #3: acl cache overflown problem -- Ticket 1 - pre-normalize filter and pre-compile substring regex - and other optimizations -- Ticket 2 - If node entries are tombstone'd, subordinate entries fail to get the full DN. - -* Thu Jan 12 2012 Fedora Release Engineering - 1.2.10-0.6.a6.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Thu Dec 15 2011 Rich Megginson - 1.2.10-0.6.a6 -- Bug 755725 - 389 programs linked against openldap crash during shutdown -- Bug 755754 - Unable to start dirsrv service using systemd -- Bug 745259 - Incorrect entryUSN index under high load in replicated environment -- d439e3a use slapi_hexchar2int and slapi_str_to_u8 everywhere -- 5910551 csn_init_as_string should not use sscanf -- b53ba00 reduce calls to csn_as_string and slapi_log_error -- c897267 fix member variable name error in slapi_uniqueIDFormat -- 66808e5 uniqueid formatting - use slapi_u8_to_hex instead of sprintf -- 580a875 csn_as_string - use slapi_uN_to_hex instead of sprintf -- Bug 751645 - crash when simple paged fails to send entry to client -- Bug 752155 - Use restorecon after creating init script lock file - -* Fri Nov 4 2011 Rich Megginson - 1.2.10-0.5.a5 -- Bug 751495 - 'setup-ds.pl -u' fails with undefined routine 'updateSystemD' -- Bug 750625 750624 750622 744946 Coverity issues -- Bug 748575 - part 2 - rhds81 modrdn operation and 100% cpu use in replication -- Bug 748575 - rhds81 modrn operation and 100% cpu use in replication -- Bug 745259 - Incorrect entryUSN index under high load in replicated environment -- f639711 Reduce the number of DN normalization -- c06a8fa Keep unhashed password psuedo-attribute in the adding entry -- Bug 744945 - nsslapd-counters attribute value cannot be set to "off" -- 8d3b921 Use new PLUGIN_CONFIG_ENTRY feature to allow switching between txn and regular -- d316a67 Change referential integrity to be a betxnpostoperation plugin - -* Fri Oct 7 2011 Rich Megginson - 1.2.10-0.4.a4 -- Bug 741744 - part3 - MOD operations with chained delete/add get back error 53 -- 1d2f5a0 make memberof transaction aware and able to be a betxnpostoperation plug in -- b6d3ba7 pass the plugin config entry to the plugin init function -- 28f7bfb set the ENTRY_POST_OP for modrdn betxnpostoperation plugins -- Bug 743966 - Compiler warnings in account usability plugin - -* Wed Oct 5 2011 Rich Megginson - 1.2.10.a3-0.3 -- 498c42b fix transaction support in ldbm_delete - -* Wed Oct 5 2011 Rich Megginson - 1.2.10.a2-0.2 -- Bug 740942 - allow resource limits to be set for paged searches independently of limits for other searches/operations -- Bug 741744 - MOD operations with chained delete/add get back error 53 on backend config -- Bug 742324 - allow nsslapd-idlistscanlimit to be set dynamically and per-user - -* Wed Sep 21 2011 Rich Megginson - 1.2.10.a1-0.1 -- Bug 695736 - Providing native systemd file - -* Wed Sep 7 2011 Rich Megginson - 1.2.9.10-2 -- corrected source - -* Wed Sep 7 2011 Rich Megginson - 1.2.9.10-1 -- Bug 735114 - renaming a managed entry does not update mepmanagedby - -* Thu Sep 1 2011 Rich Megginson - 1.2.9.9-1 -- Bug 735121 - simple paged search + ip/dns based ACI hangs server -- Bug 722292 - (cov#11030) Leak of mapped_sdn in winsync rename code -- Bug 703990 - cross-platform - Support upgrade from Red Hat Directory Server -- Introducing an environment variable USE_VALGRIND to clean up the entry cache and dn cache on exit. - -* Wed Aug 31 2011 Rich Megginson - 1.2.9.8-1 -- Bug 732153 - subtree and user account lockout policies implemented? -- Bug 722292 - Entries in DS are not updated properly when using WinSync API - -* Wed Aug 24 2011 Rich Megginson - 1.2.9.7-1 -- Bug 733103 - large targetattr list with syntax errors cause server to crash or hang -- Bug 633803 - passwordisglobalpolicy attribute brakes TLS chaining -- Bug 732541 - Ignore error 32 when adding automember config -- Bug 728592 - Allow ns-slapd to start with an invalid server cert - -* Wed Aug 10 2011 Rich Megginson - 1.2.9.6-1 -- Bug 728510 - Run dirsync after sending updates to AD -- Bug 729717 - Fatal error messages when syncing deletes from AD -- Bug 729369 - upgrade DB to upgrade from entrydn to entryrdn format is not working. -- Bug 729378 - delete user subtree container in AD + modify password in DS == DS crash -- Bug 723937 - Slapi_Counter API broken on 32-bit F15 -- fixed again - separate tests for atomic ops and atomic bool cas - -* Mon Aug 8 2011 Rich Megginson - 1.2.9.5-1 -- Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error -- Fix another coverity NULL deref in previous patch - -* Thu Aug 4 2011 Rich Megginson - 1.2.9.4-1 -- Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error -- Fix coverity NULL deref in previous patch - -* Wed Aug 3 2011 Rich Megginson - 1.2.9.3-1 -- Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error -- previous patch broke build on el5 - -* Wed Aug 3 2011 Rich Megginson - 1.2.9.2-1 -- Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error - -* Tue Aug 2 2011 Rich Megginson - 1.2.9.1-2 -- Bug 723937 - Slapi_Counter API broken on 32-bit F15 -- fixed to use configure test for GCC provided 64-bit atomic functions - -* Wed Jul 27 2011 Rich Megginson - 1.2.9.1-1 -- Bug 663752 - Cert renewal for attrcrypt and encchangelog -- this was "re-fixed" due to a deadlock condition with cl2ldif task cancel -- Bug 725953 - Winsync: DS entries fail to sync to AD, if the User's CN entry contains a comma -- Bug 725743 - Make memberOf use PRMonitor for it's operation lock -- Bug 725542 - Instance upgrade fails when upgrading 389-ds-base package -- Bug 723937 - Slapi_Counter API broken on 32-bit F15 - -* Thu Jul 21 2011 Petr Sabata - 1.2.9.0-1.2 -- Perl mass rebuild - -* Wed Jul 20 2011 Petr Sabata - 1.2.9.0-1.1 -- Perl mass rebuild - -* Fri Jul 15 2011 Rich Megginson - 1.2.9.0-1 -- Bug 720059 - RDN with % can cause crashes or missing entries -- Bug 709468 - RSA Authentication Server timeouts when using simple paged results on RHDS 8.2. -- Bug 691313 - Need TLS/SSL error messages in repl status and errors log -- Bug 712855 - Directory Server 8.2 logs "Netscape Portable Runtime error -5961 (TCP connection reset by peer.)" to error log whereas Directory Server 8.1 did not -- Bug 713209 - Update sudo schema -- Bug 719069 - clean up compiler warnings in 389-ds-base 1.2.9 -- Bug 718303 - Intensive updates on masters could break the consumer's cache -- Bug 711679 - unresponsive LDAP service when deleting vlv on replica - -* Mon Jun 27 2011 Rich Megginson - 1.2.9-0.2.a2 -- 389-ds-base-1.2.9.a2 -- look for separate openldap ldif library -- Split automember regex rules into separate entries -- writing Inf file shows SchemaFile = ARRAY(0xhexnum) -- add support for ldif files with changetype: add -- Bug 716980 - winsync uses old AD entry if new one not found -- Bug 697694 - rhds82 - incr update state stop_fatal_error "requires administrator action", with extop_result: 9 -- bump console version to 1.2.6 -- Bug 711679 - unresponsive LDAP service when deleting vlv on replica -- Bug 703703 - setup-ds-admin.pl asks for legal agreement to a non-existant file -- Bug 706209 - LEGAL: RHEL6.1 License issue for 389-ds-base package -- Bug 663752 - Cert renewal for attrcrypt and encchangelog -- Bug 706179 - DS can not restart after create a new objectClass has entryusn attribute -- Bug 711906 - ns-slapd segfaults using suffix referrals -- Bug 707384 - only allow FIPS approved cipher suites in FIPS mode -- Bug 710377 - Import with chain-on-update crashes ns-slapd -- Bug 709826 - Memory leak: when extra referrals configured - -* Fri Jun 17 2011 Marcela Mašláňová - 1.2.9-0.1.a1.2 -- Perl mass rebuild - -* Fri Jun 10 2011 Marcela Mašláňová - 1.2.9-0.1.a1.1 -- Perl 5.14 mass rebuild - -* Thu May 26 2011 Rich Megginson - 1.2.9-0.1.a1 -- 389-ds-base-1.2.9.a1 -- Auto Membership -- More Coverity fixes - -* Mon May 2 2011 Rich Megginson - 1.2.8.3-1 -- 389-ds-base-1.2.8.3 -- Bug 700145 - userpasswd not replicating -- Bug 700557 - Linked attrs callbacks access free'd pointers after close -- Bug 694336 - Group sync hangs Windows initial Sync -- Bug 700215 - ldclt core dumps -- Bug 695779 - windows sync can lose old values when a new value is added -- Bug 697027 - 12 - minor memory leaks found by Valgrind + TET - -* Thu Apr 14 2011 Rich Megginson - 1.2.8.2-1 -- 389-ds-base-1.2.8.2 -- Bug 696407 - If an entry with a mixed case RDN is turned to be -- a tombstone, it fails to assemble DN from entryrdn - -* Fri Apr 8 2011 Rich Megginson - 1.2.8.1-1 -- 389-ds-base-1.2.8.1 -- Bug 693962 - Full replica push loses some entries with multi-valued RDNs - -* Tue Apr 5 2011 Rich Megginson - 1.2.8.0-1 -- 389-ds-base-1.2.8.0 -- Bug 693473 - rhds82 rfe - windows_tot_run to log Sizelimit exceeded instead of LDAP error - -1 -- Bug 692991 - rhds82 - windows_tot_run: failed to obtain data to send to the consumer; LDAP error - -1 -- Bug 693466 - Unable to change schema online -- Bug 693503 - matching rules do not inherit from superior attribute type -- Bug 693455 - nsMatchingRule does not work with multiple values -- Bug 693451 - cannot use localized matching rules -- Bug 692331 - Segfault on index update during full replication push on 1.2.7.5 - -* Mon Apr 4 2011 Rich Megginson - 1.2.8-0.10.rc5 -- 389-ds-base-1.2.8.rc5 -- Bug 692469 - Replica install fails after step for "enable GSSAPI for replication" - -* Tue Mar 29 2011 Rich Megginson - 1.2.8-0.9.rc4 -- 389-ds-base-1.2.8.rc4 -- Bug 668385 - DS pipe log script is executed as many times as the dirsrv serv -ice is restarted -- 389-ds-base-1.2.8.rc3 -- Bug 690955 - Mrclone fails due to the replica generation id mismatch - -* Tue Mar 22 2011 Rich Megginson - 1.2.8-0.8.rc2 -- 389-ds-base-1.2.8 release candidate 2 - git tag 389-ds-base-1.2.8.rc2 -- Bug 689537 - (cov#10610) Fix Coverity NULL pointer dereferences -- Bug 689866 - ns-newpwpolicy.pl needs to use the new DN format -- Bug 681015 - RFE: allow fine grained password policy duration attributes -- in days, hours, minutes, as well -- Bug 684996 - Exported tombstone cannot be imported correctly -- Bug 683250 - slapd crashing when traffic replayed -- Bug 668909 - Can't modify replication agreement in some cases -- Bug 504803 - Allow maxlogsize to be set if logmaxdiskspace is -1 -- Bug 644784 - Memory leak in "testbind.c" plugin -- Bug 680558 - Winsync plugin fails to restrain itself to the configured subtree - -* Mon Mar 7 2011 Caolán McNamara - 1.2.8-0.7.rc1 -- rebuild for icu 4.6 - -* Wed Mar 2 2011 Rich Megginson - 1.2.8-0.6.rc1 -- 389-ds-base-1.2.8 release candidate 1 - git tag 389-ds-base-1.2.8.rc1 -- Bug 518890 - setup-ds-admin.pl - improve hostname validation -- Bug 681015 - RFE: allow fine grained password policy duration attributes in -- days, hours, minutes, as well -- Bug 514190 - setup-ds-admin.pl --debug does not log to file -- Bug 680555 - ns-slapd segfaults if I have more than 100 DBs -- Bug 681345 - setup-ds.pl should set SuiteSpotGroup automatically -- Bug 674852 - crash in ldap-agent when using OpenLDAP -- Bug 679978 - modifying attr value crashes the server, which is supposed to -- be indexed as substring type, but has octetstring syntax -- Bug 676655 - winsync stops working after server restart -- Bug 677705 - ds-logpipe.py script is failing to validate "-s" and -- "--serverpid" options with "-t". -- Bug 625424 - repl-monitor.pl doesn't work in hub node - -* Mon Feb 28 2011 Rich Megginson - 1.2.8-0.5.a3 -- Bug 676598 - 389-ds-base multilib: file conflicts -- split off libs into a separate -libs package - -* Thu Feb 24 2011 Rich Megginson - 1.2.8-0.4.a3 -- do not create /var/run/dirsrv - setup will create it instead -- remove the fedora-ds initscript upgrade stuff - we do not support that anymore -- convert the remaining lua stuff to plain old shell script - -* Wed Feb 9 2011 Rich Megginson - 1.2.8-0.3.a3 -- 1.2.8.a3 release - git tag 389-ds-base-1.2.8.a3 -- Bug 675320 - empty modify operation with repl on or lastmod off will crash server -- Bug 675265 - preventryusn gets added to entries on a failed delete -- Bug 677774 - added support for tmpfiles.d -- Bug 666076 - dirsrv crash (1.2.7.5) with multiple simple paged result search -es -- Bug 672468 - Don't use empty path elements in LD_LIBRARY_PATH -- Bug 671199 - Don't allow other to write to rundir -- Bug 678646 - Ignore tombstone operations in managed entry plug-in -- Bug 676053 - export task followed by import task causes cache assertion -- Bug 677440 - clean up compiler warnings in 389-ds-base 1.2.8 -- Bug 675113 - ns-slapd core dump in windows_tot_run if oneway sync is used -- Bug 676689 - crash while adding a new user to be synced to windows -- Bug 604881 - admin server log files have incorrect permissions/ownerships -- Bug 668385 - DS pipe log script is executed as many times as the dirsrv serv -ice is restarted -- Bug 675853 - dirsrv crash segfault in need_new_pw() - -* Mon Feb 07 2011 Fedora Release Engineering - 1.2.8-0.2.a2.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Thu Feb 3 2011 Rich Megginson - 1.2.8-0.2.a2 -- 1.2.8.a2 release - git tag 389-ds-base-1.2.8.a2 -- Bug 674430 - Improve error messages for attribute uniqueness -- Bug 616213 - insufficient stack size for HP-UX on PA-RISC -- Bug 615052 - intrinsics and 64-bit atomics code fails to compile -- on PA-RISC -- Bug 151705 - Need to update Console Cipher Preferences with new ciphers -- Bug 668862 - init scripts return wrong error code -- Bug 670616 - Allow SSF to be set for local (ldapi) connections -- Bug 667935 - DS pipe log script's logregex.py plugin is not redirecting the -- log output to the text file -- Bug 668619 - slapd stops responding -- Bug 624547 - attrcrypt should query the given slot/token for -- supported ciphers -- Bug 646381 - Faulty password for nsmultiplexorcredentials does not give any -- error message in logs - -* Fri Jan 21 2011 Nathan Kinder - 1.2.8-0.1.a1 -- 1.2.8-0.1.a1 release - git tag 389-ds-base-1.2.8.a1 -- many bug fixes - -* Thu Dec 16 2010 Rich Megginson - 1.2.7.5-1 -- 1.2.7.5 release - git tag 389-ds-base-1.2.7.5 -- Bug 663597 - Memory leaks in normalization code - -* Tue Dec 14 2010 Rich Megginson - 1.2.7.4-2 -- Resolves: bug 656541 - use %%ghost on files in /var/lock - -* Fri Dec 10 2010 Rich Megginson - 1.2.7.4-1 -- 1.2.7.4 release - git tag 389-ds-base-1.2.7.4 -- Bug 661792 - Valid managed entry config rejected - -* Wed Dec 8 2010 Rich Megginson - 1.2.7.3-1 -- 1.2.7.3 release - git tag 389-ds-base-1.2.7.3 -- Bug 658312 - Invalid free in Managed Entry plug-in -- Bug 641944 - Don't normalize non-DN RDN values - -* Fri Dec 3 2010 Rich Megginson - 1.2.7.2-1 -- 1.2.7.2 release - git tag 389-ds-base-1.2.7.2 -- Bug 659456 - Incorrect usage of ber_printf() in winsync code -- Bug 658309 - Process escaped characters in managed entry mappings -- Bug 197886 - Initialize return value for UUID generation code -- Bug 658312 - Allow mapped attribute types to be quoted -- Bug 197886 - Avoid overflow of UUID generator - -* Tue Nov 23 2010 Rich Megginson - 1.2.7.1-2 -- last commit had bogus commit log - -* Tue Nov 23 2010 Rich Megginson - 1.2.7.1-1 -- 1.2.7.1 release - git tag 389-ds-base-1.2.7.1 -- Bug 656515 - Allow Name and Optional UID syntax for grouping attributes -- Bug 656392 - Remove calls to ber_err_print() -- Bug 625950 - hash nsslapd-rootpw changes in audit log - -* Tue Nov 16 2010 Nathan Kinder - 1.2.7-2 -- 1.2.7 release - git tag 389-ds-base-1.2.7 - -* Fri Nov 12 2010 Nathan Kinder - 1.2.7-1 -- Bug 648949 - Merge dirsrv and dirsrv-admin policy modules into base policy - -* Tue Nov 9 2010 Rich Megginson - 1.2.7-0.6.a5 -- 1.2.7.a5 release - git tag 389-ds-base-1.2.7.a5 -- Bug 643979 - Strange byte sequence for attribute with no values (nsslapd-ref -erral) -- Bug 635009 - Add one-way AD sync capability -- Bug 572018 - Upgrading from 1.2.5 to 1.2.6.a2 deletes userRoot -- put replication config entries in separate file -- Bug 567282 - server can not abandon searchRequest of "simple paged results" -- Bug 329751 - "nested" filtered roles searches candidates more than needed -- Bug 521088 - DNA should check ACLs before getting a value from the range - -* Mon Nov 1 2010 Rich Megginson - 1.2.7-0.5.a4 -- 1.2.7.a4 release - git tag 389-ds-base-1.2.7.a4 -- Bug 647932 - multiple memberOf configuration adding memberOf where there is -no member -- Bug 491733 - dbtest crashes -- Bug 606545 - core schema should include numSubordinates -- Bug 638773 - permissions too loose on pid and lock files -- Bug 189985 - Improve attribute uniqueness error message -- Bug 619623 - attr-unique-plugin ignores requiredObjectClass on modrdn operat -ions -- Bug 619633 - Make attribute uniqueness obey requiredObjectClass - -* Wed Oct 27 2010 Rich Megginson - 1.2.7-0.4.a3 -- 1.2.7.a3 release - a2 was never released - this is a rebuild to pick up -- Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs -- Adding the ancestorid fix code to ##upgradednformat.pl. - -* Fri Oct 22 2010 Rich Megginson - 1.2.7-0.3.a3 -- 1.2.7.a3 release - a2 was never released -- Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs -- Bug 629681 - Retro Changelog trimming does not behave as expected -- Bug 645061 - Upgrade: 06inetorgperson.ldif and 05rfc4524.ldif -- are not upgraded in the server instance schema dir - -* Tue Oct 19 2010 Rich Megginson - 1.2.7-0.2.a2 -- 1.2.7.a2 release - a1 was the OpenLDAP testday release -- git tag 389-ds-base-1.2.7.a2 -- added openldap support on platforms that use openldap with moznss -- for crypto (F-14 and later) -- many bug fixes -- Account Policy Plugin (keep track of last login, disable old accounts) - -* Fri Oct 8 2010 Rich Megginson - 1.2.7-0.1.a1 -- added openldap support - -* Wed Sep 29 2010 Rich Megginson - 1.2.6.1-3 -- bump rel to rebuild again - -* Mon Sep 27 2010 Rich Megginson - 1.2.6.1-2 -- bump rel to rebuild - -* Thu Sep 23 2010 Rich Megginson - 1.2.6.1-1 -- This is the 1.2.6.1 release - git tag 389-ds-base-1.2.6.1 -- Bug 634561 - Server crushes when using Windows Sync Agreement -- Bug 635987 - Incorrect sub scope search result with ACL containing ldap:///self -- Bug 612264 - ACI issue with (targetattr='userPassword') -- Bug 606920 - anonymous resource limit- nstimelimit - also applied to "cn=directory manager" -- Bug 631862 - crash - delete entries not in cache + referint - -* Thu Aug 26 2010 Rich Megginson - 1.2.6-1 -- This is the final 1.2.6 release - -* Tue Aug 10 2010 Rich Megginson - 1.2.6-0.11.rc7 -- 1.2.6 release candidate 7 -- git tag 389-ds-base-1.2.6.rc7 -- Bug 621928 - Unable to enable replica (rdn problem?) on 1.2.6 rc6 - -* Mon Aug 2 2010 Rich Megginson - 1.2.6-0.10.rc6 -- 1.2.6 release candidate 6 -- git tag 389-ds-base-1.2.6.rc6 -- Bug 617013 - repl-monitor.pl use cpu upto 90% -- Bug 616618 - 389 v1.2.5 accepts 2 identical entries with different DN formats -- Bug 547503 - replication broken again, with 389 MMR replication and TCP errors -- Bug 613833 - Allow dirsrv_t to bind to rpc ports -- Bug 612242 - membership change on DS does not show on AD -- Bug 617629 - Missing aliases in new schema files -- Bug 619595 - Upgrading sub suffix under non-normalized suffix disappears -- Bug 616608 - SIGBUS in RDN index reads on platforms with strict alignments -- Bug 617862 - Replication: Unable to delete tombstone errors -- Bug 594745 - Get rid of dirsrv_lib_t label - -* Wed Jul 14 2010 Rich Megginson - 1.2.6-0.9.rc3 -- make selinux-devel explicit Require the base package in order -- to comply with Fedora Licensing Guidelines - -* Thu Jul 1 2010 Rich Megginson - 1.2.6-0.8.rc3 -- 1.2.6 release candidate 3 -- git tag 389-ds-base-1.2.6.rc3 -- Bug 603942 - null deref in _ger_parse_control() for subjectdn -- 609256 - Selinux: pwdhash fails if called via Admin Server CGI -- 578296 - Attribute type entrydn needs to be added when subtree rename switch is on -- 605827 - In-place upgrade: upgrade dn format should not run in setup-ds-admin.pl -- Bug 604453 - SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll -- Bug 604453 - SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll -- 606920 - anonymous resource limit - nstimelimit - also applied to "cn=directory manager" - -* Wed Jun 16 2010 Rich Megginson - 1.2.6-0.7.rc2 -- 1.2.6 release candidate 2 - -* Mon Jun 14 2010 Nathan Kinder - 1.2.6-0.6.rc1 -- install replication session plugin header with devel package - -* Wed Jun 9 2010 Rich Megginson - 1.2.6-0.5.rc1 -- 1.2.6 release candidate 1 - -* Tue Jun 01 2010 Marcela Maslanova - 1.2.6-0.4.a4.1 -- Mass rebuild with perl-5.12.0 - -* Wed May 26 2010 Rich Megginson - 1.2.6-0.4.a4 -- 1.2.6.a4 release - -* Wed Apr 7 2010 Nathan Kinder - 1.2.6-0.4.a3 -- 1.2.6.a3 release -- add managed entries plug-in -- many bug fixes -- moved selinux subpackage into base package - -* Fri Apr 2 2010 Caolán McNamara - 1.2.6-0.3.a2 -- rebuild for icu 4.4 - -* Tue Mar 2 2010 Rich Megginson - 1.2.6-0.2.a2 -- 1.2.6.a2 release -- add support for matching rules -- many bug fixes - -* Thu Jan 14 2010 Nathan Kinder - 1.2.6-0.1.a1 -- 1.2.6.a1 release -- Added SELinux policy and subpackages - -* Tue Jan 12 2010 Rich Megginson - 1.2.5-1 -- 1.2.5 final release - -* Mon Jan 4 2010 Rich Megginson - 1.2.5-0.5.rc4 -- 1.2.5.rc4 release - -* Thu Dec 17 2009 Rich Megginson - 1.2.5-0.4.rc3 -- 1.2.5.rc3 release - -* Mon Dec 7 2009 Rich Megginson - 1.2.5-0.3.rc2 -- 1.2.5.rc2 release - -* Wed Dec 2 2009 Rich Megginson - 1.2.5-0.2.rc1 -- 1.2.5.rc1 release - -* Thu Nov 12 2009 Rich Megginson - 1.2.5-0.1.a1 -- 1.2.5.a1 release - -* Thu Oct 29 2009 Rich Megginson - 1.2.4-1 -- 1.2.4 release -- resolves bug 221905 - added support for Salted MD5 (SMD5) passwords - primarily for migration -- resolves bug 529258 - Make upgrade remove obsolete schema from 99user.ldif - -* Mon Sep 14 2009 Rich Megginson - 1.2.3-1 -- 1.2.3 release -- added template-initconfig to %%files -- %%posttrans now runs update to update the server instances -- servers are shutdown, then restarted if running before install -- scriptlets mostly use lua now to pass data among scriptlet phases - -* Tue Sep 01 2009 Caolán McNamara - 1.2.2-2 -- rebuild with new openssl to fix dependencies - -* Tue Aug 25 2009 Rich Megginson - 1.2.2-1 -- backed out - added template-initconfig to %%files - this change is for the next major release -- bump version to 1.2.2 -- fix reopened 509472 db2index all does not reindex all the db backends correctly -- fix 518520 - pre hashed salted passwords do not work -- see https://bugzilla.redhat.com/show_bug.cgi?id=518519 for the list of -- bugs fixed in 1.2.2 - -* Fri Aug 21 2009 Tomas Mraz - 1.2.1-5 -- rebuilt with new openssl - -* Wed Aug 19 2009 Noriko Hosoi - 1.2.1-4 -- added template-initconfig to %%files - -* Wed Aug 12 2009 Rich Megginson - 1.2.1-3 -- added BuildRequires pcre - -* Fri Jul 24 2009 Fedora Release Engineering - 1.2.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Mon May 18 2009 Rich Megginson - 1.2.1-1 -- change name to 389 -- change version to 1.2.1 -- added initial support for numeric string syntax -- added initial support for syntax validation -- added initial support for paged results including sorting - -* Tue Apr 28 2009 Rich Megginson - 1.2.0-4 -- final release 1.2.0 -- Resolves: bug 475338 - LOG: the intenal type of maxlogsize, maxdiskspace and minfreespace should be 64-bit integer -- Resolves: bug 496836 - SNMP ldap-agent on Solaris: Unable to open semaphore for server: 389 -- CVS tag: FedoraDirSvr_1_2_0 FedoraDirSvr_1_2_0_20090428 - -* Mon Apr 6 2009 Rich Megginson - 1.2.0-3 -- re-enable ppc builds - -* Thu Apr 2 2009 Rich Megginson - 1.2.0-2 -- exclude ppc builds - needs extensive porting work - -* Mon Mar 30 2009 Rich Megginson - 1.2.0-1 -- new release 1.2.0 -- Made devel package depend on mozldap-devel -- only create run dir if it does not exist -- CVS tag: FedoraDirSvr_1_2_0_RC1 FedoraDirSvr_1_2_0_RC1_20090330 - -* Thu Oct 30 2008 Noriko Hosoi - 1.1.3-7 -- added db4-utils to Requires for verify-db.pl - -* Mon Oct 13 2008 Noriko Hosoi - 1.1.3-6 -- Enabled LDAPI autobind - -* Thu Oct 9 2008 Rich Megginson - 1.1.3-5 -- updated update to patch bug463991-bdb47.patch - -* Thu Oct 9 2008 Rich Megginson - 1.1.3-4 -- updated patch bug463991-bdb47.patch - -* Mon Sep 29 2008 Rich Megginson - 1.1.3-3 -- added patch bug463991-bdb47.patch -- make ds work with bdb 4.7 - -* Wed Sep 24 2008 Rich Megginson - 1.1.3-2 -- rolled back bogus winsync memory leak fix - -* Tue Sep 23 2008 Rich Megginson - 1.1.3-1 -- winsync api improvements for modify operations - -* Fri Jun 13 2008 Rich Megginson - 1.1.2-1 -- This is the 1.1.2 release. The bugs fixed can be found here -- https://bugzilla.redhat.com/showdependencytree.cgi?id=452721 -- Added winsync-plugin.h to the devel subpackage - -* Fri Jun 6 2008 Rich Megginson - 1.1.1-2 -- bump rev to rebuild and pick up new version of ICU - -* Fri May 23 2008 Rich Megginson - 1.1.1-1 -- 1.1.1 release candidate - several bug fixes - -* Wed Apr 16 2008 Rich Megginson - 1.1.0.1-4 -- fix bugzilla 439829 - patch to allow working with NSS 3.11.99 and later - -* Tue Mar 18 2008 Tom "spot" Callaway - 1.1.0.1-3 -- add patch to allow server to work with NSS 3.11.99 and later -- do NSS_Init after fork but before detaching from console - -* Tue Mar 18 2008 Tom "spot" Callaway - 1.1.0.1-3 -- add Requires for versioned perl (libperl.so) - -* Wed Feb 27 2008 Rich Megginson - 1.1.0.1-2 -- previous fix for 434403 used the wrong patch -- this is the right one - -* Wed Feb 27 2008 Rich Megginson - 1.1.0.1-1 -- Resolves bug 434403 - GCC 4.3 build fails -- Rolled new source tarball which includes Nathan's fix for the struct ucred -- NOTE: Change version back to 1.1.1 for next release -- this release was pulled from CVS tag FedoraDirSvr110_gcc43 - -* Tue Feb 19 2008 Fedora Release Engineering - 1.1.0-5 -- Autorebuild for GCC 4.3 - -* Thu Dec 20 2007 Rich Megginson - 1.1.0-4 -- This is the GA release of Fedora DS 1.1 -- Removed version numbers for BuildRequires and Requires -- Added full URL to source tarball - -* Fri Dec 07 2007 Release Engineering - 1.1.0-3 -- Rebuild for deps - -* Wed Nov 7 2007 Rich Megginson - 1.1.0-2.0 -- This is the beta2 release -- new file added to package - /etc/sysconfig/dirsrv - for setting -- daemon environment as is usual in other linux daemons - -* Thu Aug 16 2007 Rich Megginson - 1.1.0-1.2 -- fix build breakage due to open() -- mock could not find BuildRequires: db4-devel >= 4.2.52 -- mock works if >= version is removed - it correctly finds db4.6 - -* Fri Aug 10 2007 Rich Megginson - 1.1.0-1.1 -- Change pathnames to use the pkgname macro which is dirsrv -- get rid of cvsdate in source name - -* Fri Jul 20 2007 Rich Megginson - 1.1.0-0.3.20070720 -- Added Requires for perldap, cyrus sasl plugins -- Removed template-migrate* files -- Added perl module directory -- Removed install.inf - setup-ds.pl can now easily generate one - -* Mon Jun 18 2007 Nathan Kinder - 1.1.0-0.2.20070320 -- added requires for mozldap-tools - -* Tue Mar 20 2007 Rich Megginson - 1.1.0-0.1.20070320 -- update to latest sources -- added migrateTo11 to allow migrating instances from 1.0.x to 1.1 -- ldapi support -- fixed pam passthru plugin ENTRY method - -* Fri Feb 23 2007 Rich Megginson - 1.1.0-0.1.20070223 -- Renamed package to fedora-ds-base, but keep names of paths/files/services the same -- use the shortname macro (fedora-ds) for names of paths, files, and services instead -- of name, so that way we can continue to use e.g. /etc/fedora-ds instead of /etc/fedora-ds-base -- updated to latest sources - -* Tue Feb 13 2007 Rich Megginson - 1.1.0-0.1.20070213 -- More cleanup suggested by Dennis Gilmore -- This is the fedora extras candidate based on cvs tag FedoraDirSvr110a1 - -* Fri Feb 9 2007 Rich Megginson - 1.1.0-1.el4.20070209 -- latest sources -- added init scripts -- use /etc as instconfigdir - -* Wed Feb 7 2007 Rich Megginson - 1.1.0-1.el4.20070207 -- latest sources -- moved all executables to _bindir - -* Mon Jan 29 2007 Rich Megginson - 1.1.0-1.el4.20070129 -- latest sources -- added /var/tmp/fedora-ds to dirs - -* Fri Jan 26 2007 Rich Megginson - 1.1.0-8.el4.20070125 -- added logconv.pl -- added slapi-plugin.h to devel package -- added explicit dirs for /var/log/fedora-ds et. al. - -* Thu Jan 25 2007 Rich Megginson - 1.1.0-7.el4.20070125 -- just move all .so files into the base package from the devel package - -* Thu Jan 25 2007 Rich Megginson - 1.1.0-6.el4.20070125 -- Move the plugin *.so files into the main package instead of the devel -- package because they are loaded directly by name via dlopen - -* Fri Jan 19 2007 Rich Megginson - 1.1.0-5.el4.20070125 -- Move the script-templates directory to datadir/fedora-ds - -* Fri Jan 19 2007 Rich Megginson - 1.1.0-4.el4.20070119 -- change mozldap to mozldap6 - -* Fri Jan 19 2007 Rich Megginson - 1.1.0-3.el4.20070119 -- remove . from cvsdate define - -* Fri Jan 19 2007 Rich Megginson - 1.1.0-2.el4.20070119 -- Having a problem building in Brew - may be Release format - -* Fri Jan 19 2007 Rich Megginson - 1.1.0-1.el4.cvs20070119 -- Changed version to 1.1.0 and added Release 1.el4.cvs20070119 -- merged in changes from Fedora Extras candidate spec file - -* Mon Jan 15 2007 Rich Megginson - 1.1-0.1.cvs20070115 -- Bump component versions (nspr, nss, svrcore, mozldap) to their latest -- remove unneeded patches - -* Tue Jan 09 2007 Dennis Gilmore - 1.1-0.1.cvs20070108 -- update to a cvs snapshot -- fedorafy the spec -- create -devel subpackage -- apply a patch to use mozldap not mozldap6 -- apply a patch to allow --prefix to work correctly - -* Mon Dec 4 2006 Rich Megginson - 1.0.99-16 -- Fixed the problem where the server would crash upon shutdown in dblayer -- due to a race condition among the database housekeeping threads -- Fix a problem with normalized absolute paths for db directories - -* Tue Nov 28 2006 Rich Megginson - 1.0.99-15 -- Touch all of the ldap/admin/src/scripts/*.in files so that they -- will be newer than their corresponding script template files, so -- that make will rebuild them. - -* Mon Nov 27 2006 Rich Megginson - 1.0.99-14 -- Chown new schema files when copying during instance creation - -* Tue Nov 21 2006 Rich Megginson - 1.0.99-13 -- Configure will get ldapsdk_bindir from pkg-config, or $libdir/mozldap6 - -* Tue Nov 21 2006 Rich Megginson - 1.0.99-12 -- use eval to sed ./configure into ../configure - -* Tue Nov 21 2006 Rich Megginson - 1.0.99-11 -- jump through hoops to be able to run ../configure - -* Tue Nov 21 2006 Rich Megginson - 1.0.99-10 -- Need to make built dir in setup section - -* Tue Nov 21 2006 Rich Megginson - 1.0.99-9 -- The template scripts needed to use @libdir@ instead of hardcoding -- /usr/lib -- Use make DESTDIR=$RPM_BUILD_ROOT install instead of % makeinstall -- do the actual build in a "built" subdirectory, until we remove -- the old script templates - -* Thu Nov 16 2006 Rich Megginson - 1.0.99-8 -- Make replication plugin link with libdb - -* Wed Nov 15 2006 Rich Megginson - 1.0.99-7 -- Have make define LIBDIR, BINDIR, etc. for C code to use -- especially for create_instance.h - -* Tue Nov 14 2006 Rich Megginson - 1.0.99-6 -- Forgot to checkin new config.h.in for AC_CONFIG_HEADERS - -* Tue Nov 14 2006 Rich Megginson - 1.0.99-5 -- Add perldap as a Requires; update sources - -* Thu Nov 9 2006 Rich Megginson - 1.0.99-4 -- Fix ds_newinst.pl -- Remove obsolete #defines - -* Thu Nov 9 2006 Rich Megginson - 1.0.99-3 -- Update sources; rebuild to populate brew yum repo with dirsec-nss - -* Tue Nov 7 2006 Rich Megginson - 1.0.99-2 -- Update sources - -* Thu Nov 2 2006 Rich Megginson - 1.0.99-1 -- initial revision +%autochangelog diff --git a/389-ds-base.sysusers b/389-ds-base.sysusers new file mode 100644 index 0000000..32a3452 --- /dev/null +++ b/389-ds-base.sysusers @@ -0,0 +1,3 @@ +#Type Name ID GECOS Home directory Shell +g dirsrv 389 +u dirsrv 389:389 "user for 389-ds-base" /usr/share/dirsrv/ /sbin/nologin diff --git a/changelog b/changelog new file mode 100644 index 0000000..4500dfa --- /dev/null +++ b/changelog @@ -0,0 +1,513 @@ +* Tue May 14 2024 James Chapman - 3.1.0-1 +- Bump version to 3.1.0 +- Issue 6142 - Fix CI tests (#6161) +- Issue 6157 - Cockipt crashes when getting replication status if topology contains an old 389ds version (#6158) +- Issue 5105 - lmdb - Cannot create entries with long rdn - fix covscan (#6131) +- Issue 6086 - Ambiguous warning about SELinux in dscreate for non-root user +- Issue 6094 - Add coverity scan workflow +- Issue 5962 - Rearrange includes for 32-bit support logic +- Issue 6046 - Make dscreate to work during kickstart installations +- Issue 6073 - Improve error log when running out of memory (#6084) +- Issue 6071 - Instance creation/removal is slow +- Issue 6010 - 389 ds ignores nsslapd-maxdescriptors (#6027) +- Issue 6075 - Ignore build artifacts (#6076) +- Issue 6068 - Add dscontainer stop function + +* Mon Apr 15 2024 James Chapman - 3.0.2-1 +- Bump version to 3.0.2 +- Issue 6082 - Remove explicit dependencies toward libdb - revert default (#6145) +- Issue 6142 - [RFE] Add LMDB configuration related checks into Healthcheck tool (#6143) +- Issue 6141 - freeipa test_topology_TestCASpecificRUVs is failing (#6144) +- Issue 6136 - failure in freeipa tests (#6137) +- Issue 6119 - Synchronise accept_thread with slapd_daemon (#6120) +- Issue 6105 - lmdb - Cannot create entries with long rdn (#6130) +- Issue 6082 - Remove explicit dependencies toward libdb (#6083) +- Issue i6057 - Fix3 - Fix covscan issues (#6127) +- Issue 6057 - vlv search may result wrong result with lmdb - Fix 2 (#6121) +- Issue 6057 - vlv search may result wrong result with lmdb (#6091) +- Issue 6092 - passwordHistory is not updated with a pre-hashed password (#6093) +- Issue 6133 - Move slapi_pblock_set_flag_operation_notes() to slapi-plugin.h +- Issue 6125 - dscreate interactive fails when chosing mdb backend (#6126) +- Issue 6110 - Typo in Account Policy plugin message +- Issue 6080 - ns-slapd crash in referint_get_config (#6081) +- Issue 6117 - Fix the UTC offset print (#6118) +- Issue 5305 - OpenLDAP version autodetection doesn't work +- Issue 6112 - RFE - add new operation note for MFA authentications +- Issue 5842 - Add log buffering to audit log +- Issue 3527 - Support HAProxy and Instance on the same machine configuration (#6107) +- Issue 6103 - New connection timeout error breaks errormap (#6104) +- Issue 6096 - Improve connection timeout error logging (#6097) +- Issue 6067 - Improve dsidm CLI No Such Entry handling (#6079) +- Issue 6067 - Add hidden -v and -j options to each CLI subcommand (#6088) +- Issue 6061 - Certificate lifetime displayed as NaN + +* Wed Jan 31 2024 Pete Walter - 3.0.1-2 +- Rebuild for ICU 74 + +* Tue Jan 30 2024 Simon Pichugin - 3.0.1-1 +- Bump version to 3.0.1 +- Issue 6043, 6044 - Enhance Rust and JS bundling and add SPDX licenses for both (#6045) +- Issue 3555 - Remove audit-ci from dependencies (#6056) +- Issue 6052 - Paged results test sets hostname to `localhost` on test collection +- Issue 6051 - Drop unused pytest markers +- Issue 6049 - lmdb - changelog is wrongly recreated by reindex task (#6050) +- Issue 6047 - Add a check for tagged commits +- Issue 6041 - dscreate ds-root - accepts relative path (#6042) +- Switch default backend to lmdb and bump version to 3.0 (#6013) +- Issue 6032 - Replication broken after backup restore (#6035) +- Issue 6037 - Server crash at startup in vlvIndex_delete (#6038) +- Issue 6034 - Change replica_id from str to int +- Issue 6028 - vlv index keys inconsistencies (#6031) +- Issue 5989 - RFE support of inChain Matching Rule (#5990) +- Issue 6022 - lmdb inconsistency between vlv index and vlv cache names (#6026) +- Issue 6015 - Fix typo remeber (#6014) +- Issue 6016 - Pin upload/download artifacts action to v3 +- Issue 5939 - During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it (#6007) +- Issue 4673 - Update Rust crates +- Issue 6004 - idletimeout may be ignored (#6005) +- Issue 5954 - Disable Transparent Huge Pages +- Issue 5997 - test_inactivty_and_expiration CI testcase is wrong (#5999) +- Issue 5993 - Fix several race condition around CI tests (#5996) +- Issue 5944 - Reversion of the entry cache should be limited to BETXN plugin failures (#5994) +- Bump openssl from 0.10.55 to 0.10.60 in /src (#5995) +- Issue 5980 - Improve instance startup failure handling (#5991) +- Issue 5976 - Fix freeipa install regression with lmdb (#5977) +- Issue 5984 - Crash when paged result search are abandoned - fix2 (#5987) +- Issue 5984 - Crash when paged result search are abandoned (#5985) +- Issue 5947 - CI test_vlv_recreation_reindex fails on LMDB (#5979) + +* Mon Jan 29 2024 Fedora Release Engineering - 2.4.5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Jan 22 2024 Fedora Release Engineering - 2.4.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 2.4.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jan 18 2024 Fedora Release Engineering - 2.4.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jan 18 2024 Viktor Ashirov - 2.4.5-1 +- Bump version to 2.4.5 +- Issue 5989 - RFE support of inChain Matching Rule (#5990) +- Issue 5939 - During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it (#6007) +- Issue 5944 - Reversion of the entry cache should be limited to BETXN plugin failures (#5994) +- Issue 5954 - Disable Transparent Huge Pages +- Issue 5984 - Crash when paged result search are abandoned - fix2 (#5987) +- Issue 5984 - Crash when paged result search are abandoned (#5985) + +* Wed Nov 15 2023 James Chapman - 2.4.4 +- Bump version to 2.4.4 +- Issue 5971 - CLI - Fix password prompt for repl status (#5972) +- Issue 5973 - Fix fedora cop RawHide builds (#5974) +- Revert "Issue 5761 - Worker thread dynamic management (#5796)" (#5970) +- Issue 5966 - CLI - Custom schema object is removed on a failed edit (#5967) +- Issue 5786 - Update permissions for Release workflow +- Issue 5960 - Subpackages should have more strict interdependencies +- Issue 3555 - UI - Fix audit issue with npm - babel/traverse (#5959) +- Issue 4843 - Fix dscreate create-template issue (#5950) +- bugfix for --passwd-file not working on latest version (#5934) +- Issue 5843 - dsconf / dscreate should be able to handle lmdb parameters (#5943) +- Bump postcss from 8.4.24 to 8.4.31 in /src/cockpit/389-console (#5945) +- Issue 5938 - Attribute Names changed to lowercase after adding the Attributes (#5940) +- issue 5924 - ASAN server build crash when looping opening/closing connections (#5926) +- Issue 1925 - Add a CI test (#5936) +- Issue 5732 - Localizing Cockpit's 389ds Plugin using CockpitPoPlugin (#5764) +- Issue 1870 - Add a CI test (#5929) +- Issue 843 - Add a warning to slapi_valueset_add_value_ext (#5925) +- Issue 5761 - Worker thread dynamic management (#5796) +- Issue 1802 - Improve ldclt man page (#5928) +- Issue 1456 - Add a CI test that verifies there is no issue (#5927) +- Issue 1317 - Add a CI test (#5923) +- Issue 1081 - CI - Add more tests for overwriting x-origin issue (#5815) +- Issue 1115 - Add a CI test (#5913) +- Issue 5848 - Fix condition and add a CI test (#5916) +- Issue 5848 - Fix condition and add a CI test (#5916) +- Issue 5914 - UI - server settings page validation improvements and db index fixes +- Issue 5909 - Multi listener hang with 20k connections (#5917) +- Issue 5902 - Fix previous commit regression (#5919) +- pass instance correctly to ds_is_older (#5903) +- Issue 5909 - Multi listener hang with 20k connections (#5910) +- Issue 5722 - improve testcase (#5904) +- Issue 5203 - outdated version in provided metadata for lib389 +- Bug Description: +- issue 5890 part 2 - Need a tester for testing multiple listening thread feature (#5897) +- Issue i5846 - Crash when lmdb import is aborted (#5881) +- Issue 5894 - lmdb import error fails with Could not store the entry (#5895) +- Issue 5890 - Need a tester for testing multiple listening thread feature (#5891) +- Issue 5082 - slugify: ModuleNotFoundError when running test cases +- Issue 4551 - Part 2 - Fix build warning of previous PR (#5888) +- Issue 5834 - AccountPolicyPlugin erroring for some users (#5866) +- Issue 5872 - part 2 - fix is_dbi regression (#5887) +- Issue 4758 - Add tests for WebUI +- Issue 5848 - dsconf should prevent setting the replicaID for hub and consumer roles (#5849) +- Issue 5883 - Remove connection mutex contention risk on autobind (#5886) +- Issue 5872 - `dbscan()` in lib389 can return bytes + +* Thu Aug 3 2023 Mark Reynolds - 2.4.3-1 +- Bump version to 2.4.3-1 +- Issue 5729 - Memory leak in factory_create_extension (#5814) +- Issue 5870 - ns-slapd crashes at startup if a backend has no suffix (#5871) +- Issue 5876 - CI Test random failure - Import (#5879) +- Issue 5877 - test_basic_ldapagent breaks test_setup_ds_as_non_root* tests +- Issue 5867 - lib389 should use filter for tarfile as recommended by PEP 706 (#5868) +- Issue 5853 - Update Cargo.lock and fix minor warning (#5854) +- Issue 5785 - CLI - arg completion is broken +- Issue 5864 - Server fails to start after reboot because it's unable to access nsslapd-rundir +- Issue 5856 - SyntaxWarning: invalid escape sequence '\,' +- Issue 5859 - dbscan fails with AttributeError: 'list' object has no attribute 'extends' +- Issue 3527 - UI - Add nsslapd-haproxy-trusted-ip to server setting (#5839) +- Issue 4551 - Paged search impacts performance (#5838) +- Issue 4758 - Add tests for WebUI +- Issue 4169 - UI - Fix retrochangelog and schema Typeaheads (#5837) +- issue 5833 - dsconf monitor backend fails on lmdb (#5835) +- Issue 3555 - UI - Fix audit issue with npm - stylelint (#5836) + +* Mon Jul 24 2023 Mark Reynolds - 2.4.2-5 +- Bump version to 2.4.2-5 +- Add the bash completion scripts to the appropriate files section + +* Wed Jul 19 2023 Fedora Release Engineering - 2.4.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Tue Jul 11 2023 František Zatloukal - 2.4.2-3 +- Rebuilt for ICU 73.2 + +* Mon Jul 10 2023 Mark Reynolds - 2.4.2-2 +- Bump version to 2.4.2-2 +- Issue 5752 - RFE - Provide a history for LastLoginTime (#5807) += Issue 4719 - CI - Add dsconf add a PTA URL test + +* Fri Jul 7 2023 Mark Reynolds - 2.4.2-1 +- Bump version to 2.4.2 +- Issue 5793 - UI - fix suffix selection in export modal +- Issue 5793 - UI - Fix minor crashes (#5827) +- Issue 5825 - healthcheck - password storage scheme warning needs more info +- Issue 5822 - Allow empty export path for db2ldif +- Issue 5755 - Massive memory leaking on update operations (#5824) +- Issue 5701 - CI - Add more tests for referral mode fix (#5810) +- Issue 5551 - Almost empty and not loaded ns-slapd high cpu load +- Issue 5755 - The Massive memory leaking on update operations (#5803) +- Issue 2375 - CLI - Healthcheck - revise and add new checks +- Bump openssl from 0.10.52 to 0.10.55 in /src +- Issue 5793 - UI - movce from webpack to esbuild bundler +- Issue 5752 - CI - Add more tests for lastLoginHistorySize RFE (#5802) +- Issue 3527 - Fix HAProxy x390x compatibility and compiler warnings (#5801) +- Issue 5798 - CLI - Add multi-valued support to dsconf config (#5799) +- Issue 5781 - Bug handling return code of pre-extended operation plugin. +- Issue 5785 - move bash completion to post section of specfile +- Issue 5156 - (cont) RFE slapi_memberof reusing memberof values (#5744) +- Issue 4758 - Add tests for WebUI +- Issue 3527 - Add PROXY protocol support (#5762) +- Issue 5789 - Improve ds-replcheck error handling +- Issue 5786 - CLI - registers tools for bash completion +- Issue 5786 - Set minimal permissions on GitHub Workflows (#5787) +- Issue 5646 - Various memory leaks (#5725) +- Issue 5778 - UI - Remove error message if .dsrc is missing +- Issue 5751 - Cleanallruv task crashes on consumer (#5775) + +* Wed Jun 28 2023 Python Maint - 2.4.1-2 +- Rebuilt for Python 3.12 + +* Thu May 18 2023 Mark Reynolds - 2.4.1-1 +- Bump version to 2.4.1 +- Issue 5770 - RFE - Extend Password Adminstrators to allow skipping password info updates +- Issue 5768 - CLI/UI - cert checks are too strict, and other issues +- Issue 5722 - fix compilation warnings (#5771) +- Issue 5765 - Improve installer selinux handling +- Issue 152 - RFE - Add support for LDAP alias entries +- Issue 5052 - BUG - Custom filters prevented entry deletion (#5060) +- Issue 5752 - RFE - Provide a history for LastLoginTime (#5753) +- Issue 5722 - RFE When a filter contains 'nsrole', improve response time by rewriting the filter (#5723) +- Issue 5704 - crash in sync_refresh_initial_content (#5720) +- Issue 5738 - RFE - UI - Read/write replication monitor info to .dsrc file +- Issue 5156 - build warnings (#5758) +- Issue 5749 - RFE - Allow Account Policy Plugin to handle inactivity and expiration at the same time +- Issue 5743 - Disabling replica crashes the server (#5746) +- Issue 2562 - Copy config files into backup directory +- Issue 5156 - fix build breakage from slapi-memberof commit +- Issue 4758 - Add tests for WebUI + +* Tue Apr 25 2023 Mark Reynolds - 2.4.0-1 +- Bump version to 2.4.0 +- Issue 5156 - RFE that implement slapi_memberof (#5694) +- Issue 5734 - RFE - Exclude pwdFailureTime and ContextCSN (#5735) +- Issue 5726 - ns-slapd crashing in ldbm_back_upgradednformat (#5727) +- Issue 4758 - Add tests for WebUI +- Issue 5718 - Memory leak in connection table (#5719) +- Issue 5705 - Add config parameter to close client conns on failed bind (#5712) +- Issue 4758 - Add tests for WebUI +- Issue 5643 - Memory leak in entryrdn during delete (#5717) +- Issue 5714 - UI - fix typo, db settings, log settings, and LDAP editor paginations +- Issue 5701 - CLI - Fix referral mode setting (#5708) +- Bump openssl from 0.10.45 to 0.10.48 in /src (#5709) +- Issue 5710 - subtree search statistics for index lookup does not report ancestorid/entryrdn lookups (#5711) +- Issue 5697 - Obsolete nsslapd-ldapimaprootdn attribute (#5698) +- Issue 1081 - Stop schema replication from overwriting x-origin +- Issue 4812 - Listener thread does not scale with a high num of established connections (#5706) +- Issue 4812 - Listener thread does not scale with a high num of established connections (#5681) +- Bump webpack from 5.75.0 to 5.76.0 in /src/cockpit/389-console (#5699) +- Issue 5598 - (3rd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5692) +- Issue 5598 - (2nd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5691) +- Issue 5687 - UI - sensitive information disclosure +- Issue 5661 - LMDB hangs while Rebuilding the replication changelog RUV (#5676) +- Issue 5554 - Add more tests to security_basic_test suite +- Issue 4583 - Update specfile to skip checks of ASAN builds +- Issue 4758 - Add tests for WebUI +- Issue 3604 - UI - Add support for Subject Alternative Names in CSR +- Issue 5600 - buffer overflow when enabling sync repl plugin when dynamic plugins is enabled +- Issue 5640 - Update logconv for new logging format +- Issue 5162 - CI - fix error message for invalid pem file +- Issue 5598 - In 2.x, SRCH throughput drops by 10% because of handling of referral (#5604) +- Issue 5671 - covscan - clang warning (#5672) +- Issue 5267 - CI - Fix issues with nsslapd-return-original-entrydn +- Issue 5666 - CLI - Add timeout parameter for tasks +- Issue 5567 - CLI - make ldifgen use the same default ldif name for all options +- Issue 5647 - Fix unused variable warning from previous commit (#5670) +- Issue 5162 - Lib389 - verify certificate type before adding +- Issue 5642 - Build fails against setuptools 67.0.0 +- Issue 5630 - CLI - need to add logging filter for stdout +- Issue 5646 - CLI/UI - do not hardcode password storage schemes +- Issue 5640 - Update logconv for new logging format +- issue 5647 - covscan: memory leak in audit log when adding entries (#5650) +- Issue 5658 - CLI - unable to add attribute with matching rule +- Issue 5653 - covscan - fix invalid dereference +- Issue 5652 - Libasan crash in replication/cascading_test (#5659) +- Issue 5628 - Handle graceful timeout in CI tests (#5657) +- Issue 5648 - Covscan - Compiler warnings (#5651) +- Issue 5630 - CLI - error messages should goto stderr +- Issue 2435 - RFE - Raise IDL Scan Limit to INT_MAX (#5639) +- Issue 5632 - CLI - improve error handling with db2ldif +- Issue 5517 - Replication conflict CI test sometime fails (#5518) +- Issue 5634 - Deprecated warning related to github action workflow code (#5635) +- Issue 5637 - Covscan - fix Buffer Overflows (#5638) +- Issue 5624 - RFE - UI - export certificates, and import text base64 encoded certificates +- Bump tokio from 1.24.1 to 1.25.0 in /src (#5629) +- Issue 4577 - Add LMDB pytest github action (#5627) +- Issue 4293 - RFE - CLI - add dsrc options for setting user and group subtrees +- Remove stale libevent(-devel) dependency +- Issue 5578 - dscreate ds-root does not normaile paths (#5613) +- Issue 5497 - boolean attributes should be case insensitive + +* Fri Mar 31 2023 Viktor Ashirov - 2.3.2-3 +- Fix build issue against setuptools 67.0.0 (#2183375) + +* Tue Feb 28 2023 Simon Pichugin - 2.3.2-2 +- Use systemd-sysusers for dirsrv user and group (#2173834) + +* Mon Jan 23 2023 Mark Reynolds - 2.3.2-1 +- Bump version to 2.3.2 +- Issue 5547 - automember plugin improvements +- Issue 5607, 5351, 5611 - UI/CLI - fix various issues +- Issue 5610 - Build failure on Debian +- Issue 5608 - UI - need to replace some "const" with "let" +- Issue 5560 - dscreate run by non superuser set defaults requiring superuser privilege (#5579) +- Issue 3604 - Create a private key/CSR with dsconf/Cockpit (#5584) +- Issue 5605 - Adding a slapi_log_backtrace function in libslapd (#5606) +- Issue 5602 - UI - browser crash when trying to modify read-only variable +- Issue 5581 - UI - Support cockpit dark theme +- Issue 5593 - CLI - dsidm account subtree-status fails with TypeError +- Issue 5591 - BUG - Segfault in cl5configtrim with invalid confi (#5592) +- Fix latest npm audit failures +- Issue 5599 - CI - webui tests randomly fail +- Issue 5348 - RFE - CLI - add functionality to do bulk updates to entries +- Issue 5588 - Fix CI tests +- Issue 5585 - lib389 password policy DN handling is incorrect (#5587) +- Issue 5521 - UI - Update plugins for new split PAM and LDAP pass thru auth +- Bump json5 from 2.2.1 to 2.2.3 in /src/cockpit/389-console +- Issue 5236 - UI add specialized group edit modal +- Issue 5550 - dsconf monitor crashes with Error math domain error (#5553) +- Issue 5278 - CLI - dsidm asks for the old password on password reset +- Issue 5531 - CI - use universal_lines in capture_output +- Issue 5425 - CLI - add confirmation arg when deleting backend +- Issue 5558 - non-root instance fails to start on creation (#5559) +- Issue 5545 - A random crash in import over lmdb (#5546) +- Issue 3615 - CLI - prevent virtual attribute indexing +- Update specfile and rust crates +- Issue 5413 - Allow mutliple MemberOf fixup tasks with different bases/filters +- Issue 5554 - Add more tests to security_basic_test suite (#5555) +- Issue 5561 - Nightly tests are failing +- Issue 5521 - RFE - split pass through auth cli +- Issue 5521 - BUG - Pam PTA multiple issues +- Issue 5544 - Increase default task TTL +- Issue 5526 - RFE - Improve saslauthd migration options (#5528) +- Issue 5539 - Make logger's parameter name unified (#5540) +- Issue 5541 - Fix typo in `lib389.cli_conf.backend._get_backend` (#5542) +- Issue 3729 - (cont) RFE Extend log of operations statistics in access log (#5538) +- Issue 5534 - Fix a rebase typo (#5537) +- Issue 5534 - Add copyright text to the repository files + +* Wed Jan 18 2023 Fedora Release Engineering - 2.3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Sat Dec 31 2022 Pete Walter - 2.3.1-2 +- Rebuild for ICU 72 + +* Fri Nov 18 2022 Mark Reynolds - 2.3.1-1 +- Bump version to 2.3.1 +- Issue 5532 - Make db compaction TOD day more robust. +- Issue 3729 - RFE Extend log of operations statistics in access log (#5508) +- Issue 5529 - UI - Fix npm vulnerability in loader-utils +- Issue 5490 - tombstone in entryrdn index with lmdb but not with bdb (#5498) +- Issue 5162 - Fix dsctl tls ca-certfiicate add-cert arg requirement +- Issue 5510 - remove twalk_r dependency to build on RHEL8 (#5516) +- Issue 5162 - RFE - CLI allow adding CA certificate bundles +- Issue 5440 - memberof is slow on update/fixup if there are several 'groupattr' (#5455) +- Issue 5512 - BUG - skip pwdPolicyChecker OC in migration (#5513) +- Issue 3555 - UI - fix audit issue with npm loader-utils (#5514) +- Issue 5505 - Fix compiler warning (#5506) +- Issue 5469 - Increase the default value of nsslapd-conntablesize (#5472) +- Issue 5408 - lmdb import is slow (#5481) +- Issue 5429 - healthcheck - add checks for MemberOf group attrs being indexed +- Issue 5502 - RFE - Add option to display entry attributes in audit log +- Issue 5495 - BUG - Minor fix to dds skip, inconsistent attrs caused errors (#5501) +- Issue 5367 - RFE - store full DN in database record +- Issue 5495 - RFE - skip dds during migration. (#5496) +- Issue 5491 - UI - Add rework and finish jpegPhoto functionality (#5492) +- Issue 5368 - Retro Changelog trimming does not work (#5486) +- Issue 5487 - Fix various issues with logconv.pl +- Issue 5476 - RFE - add memberUid read aci by default (#5477) +- Issue 5482 - lib389 - Can not enable replication with a mixed case suffix +- Issue 5478 - Random crash in connection code during server shutdown (#5479) +- Issue 3061 - RFE - Add password policy debug log level +- Issue 5302 - Release tarballs don't contain cockpit webapp +- Issue 5262 - high contention in find_entry_internal_dn on mixed load (#5264) +- Issue 4324 - Revert recursive pthread mutex change (#5463) +- Issue 5462 - RFE - add missing default indexes (#5464) +- Issue 5465 - Fix dbscan linking (#5466) +- Issue 5271 - Serialization of pam_passthrough causing high etimes (#5272) +- Issue 5453 - UI/CLI - Changing Root DN breaks UI +- Issue 5446 - Fix some covscan issues (#5451) +- Issue 4308 - checking if an entry is a referral is expensive +- Issue 5447 - UI - add NDN max cache size to UI +- Issue 5443 - UI - disable save button while saving +- Issue 5413 - Allow only one MemberOf fixup task at a time +- Issue 4592 - dscreate error with custom dir_path (#5434) +- Issue 5158 - entryuuid fixup tasks fails in replicated topology (#5439) + +* Tue Sep 20 2022 Mark Reynolds - 2.3.0-2 +- Bump version to 2.3.0-2 +- Update old pcre-devel requirement to pcre2-devel + +* Thu Sep 1 2022 Mark Reynolds - 2.3.0-1 +- Bump version to 2.3.0 +- Issue 5012 - Migrate pcre to pcre2 - remove match limit +- Issue 5356 - Make Rust non-optional and update default password storage scheme +- Issue 5012 - Migrate pcre to pcre2 +- Issue 5428 - Fix regression with nscpEntryWsi computation +- Fix missing 'not' in description (closes #5423) (#5424) +- Issue 5421 - CI - makes replication/acceptance_test.py::test_modify_entry more robust (#5422) +- Issue 3903 - fix repl keep alive event interval +- Issue 5418 - Sync_repl may crash while managing invalid cookie (#5420) +- Issue 5415 - Hostname when set to localhost causing failures in other tests +- Issue 5412 - lib389 - do not set backend name to lowercase +- Issue 5407 - sync_repl crashes if enabled while dynamic plugin is enabled (#5411) +- Issue 5385 - LMDB - import crash in rdncache_add_elem (#5406) +- Issue 5403 - Memory leak in conntection table mulit list (#5404) +- Issue 3903 - keep alive update event starts too soon +- Issue 5397 - Fix various memory leaks +- Issue 5399 - UI - LDAP Editor is not updated when we switch instances (#5400) +- Issue 3903 - Supplier should do periodic updates +- Issue 5377 - Code cleanup: Fix Covscan invalid reference (#5393) +- Issue 5394 - configure doesn't check for lmdb and json-c +- Issue 5392 - dscreate fails when using alternative ports in the SELinux hi_reserved_port_t label range +- Issue 5386 - BUG - Update sudoers schema to correctly support UTF-8 (#5387) +- Issue 5388 - fix use-after-free and deadcode +- Issue 5383 - UI - Various fixes and RFE's for UI +- Issue 4656 - Remove problematic language from source code +- Issue 5380 - Separate cleanAllRUV code into new file +- Issue 5322 - optime & wtime on rejected connections is not properly set +- Issue 5335 - RFE - Add Security Audit Log +- Issue 5375 - CI - disable TLS hostname checking +- Issue 981 - Managed Entries betxnpreoperation - transaction not aborted on managed entry failure (#5369) +- Issue 5373 - dsidm user get_dn fails with search_ext() argument 1 must be str, not function +- Issue 5371 - Update npm and cargo packages +- Issue 3069 - Support ECDSA private keys for TLS (#5365) +- Issue 5290 - Importing certificate chain files via "import-server-key-cert" no longer works (#5293) + +* Mon Aug 01 2022 Frantisek Zatloukal - 2.2.2-3 +- Rebuilt for ICU 71.1 + +* Wed Jul 20 2022 Fedora Release Engineering - 2.2.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Tue Jul 5 2022 Mark Reynolds - 2.2.2-1 +- Bump version to 2.2.2 +- Issue 5221 - fix covscan (#5359) +- Issue 5294 - Report Portal 5 is not processing an XML file with (#5358) +- Issue 5353 - CLI - dsconf backend export breaks with multiple backends +- Issue 5346 - New connection table fails with ASAN failures (#5350) +- Issue 5345 - BUG - openldap migration fails when ppolicy is active (#5347) +- Issue 5323 - BUG - improve skipping of monitor db (#5340) +- Issue 5329 - Improve replication extended op logging +- Issue 5343 - Various improvements to winsync +- Issue 4932 - CLI - add parser aliases to long arg names +- Issue 5332 - BUG - normalise filter as intended +- Issue 5327 - Validate test metadata +- Issue 4812 - Scalability with high number of connections (#5090) +- Issue 4348 - Add tests for dsidm +- Issue 5333 - 389-ds-base fails to build with Python 3.11 + +* Thu Jun 16 2022 Python Maint - 2.2.1-4 +- Rebuilt for Python 3.11 + +* Wed Jun 15 2022 Mark Reynolds - 2.2.1-3 +- Bump version to 2.2.1-3 +- Issue 5332 - BUG - normalise filter as intended +- Issue 5327 - Validate test metadata +- Issue 4348 - Add tests for dsidm +- Bump crossbeam-utils from 0.8.6 to 0.8.8 in /src +- Issue 5333 - 389-ds-base fails to build with Python 3.11 + +* Mon Jun 13 2022 Python Maint - 2.2.1-2 +- Rebuilt for Python 3.11 + +* Fri Jun 3 2022 Mark Reynolds - 2.2.1-1 +- Bump version to 2.2.1 +- Issue 5323 - BUG - Fix issue in mdb tests with monitor (#5326) +- Issue 5170 - BUG - incorrect behaviour of filter test (#5315) +- Issue 5324 - plugin acceptance test needs hardening +- Issue 5319 - dsctl_tls_test.py fails with openssl-3.x +- Issue 5323 - BUG - migrating database for monitoring interface lead to crash (#5321) +- Issue 5304 - Need a compatibility option about sub suffix handling (#5310) +- Issue 5313 - dbgen test uses deprecated -h HOST and -p PORT options for ldapmodify +- Issue 5311 - Missing Requires for acl in the spec file +- Issue 5305 - OpenLDAP version autodetection doesn't work +- Issue 5307 - VERSION_PREREL is not set correctly in CI builds +- Issue 5302 - Release tarballs don't contain cockpit webapp +- Issue 5170 - RFE - improve filter logging to assist debugging (#5301) +- Issue 5299 - jemalloc 5.3 released +- Issue 5175 - Remove stale zlib-devel dependency declaration (#5173) +- Issue 5294 - Report Portal 5 is not processing test results XML file +- Issue 5170 - BUG - ldapsubentries were incorrectly returned (#5285) +- Issue 5291 - Harden ReplicationManager.wait_for_replication (#5292) +- Issue 379 - RFE - Compress rotated logs (fix linker) +- Issue 379 - RFE - Compress rotated logs +- Issue 5281 - HIGH - basic test does not run +- Issue 5284 - Replication broken after password change (#5286) +- Issue 5279 - dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int' +- Issue 5170 - RFE - Filter optimiser (#5171) +- Issue 5276 - CLI - improve task handling +- Issue 5126 - Memory leak in slapi_ldap_get_lderrno (#5153) +- Issue 3 - ansible-ds - Prefix handling fix (#5275) +- Issue 5273 - CLI - add arg completer for instance name +- Issue 2893 - CLI - dscreate - add options for setting up replication +- Issue 4866 - CLI - when enabling replication set changelog trimming by default +- Issue 5241 - UI - Add account locking missing functionality (#5251) +- Issue 5180 - snmp_collator tries to unlock NULL mutex (#5266) +- Issue 4904 - Fix various small issues +- lib389 prerequisite for ansible-ds (#5253) +- Issue 5260 - BUG - OpenLDAP allows multiple names of memberof overlay (#5261) +- Issue 5252 - During DEL, vlv search can erroneously return NULL candidate (#5256) +- Issue 5254 - dscreate create-template regression due to 5a3bdc336 (#5255) +- Issue 5210 - Python undefined names in lib389 +- Issue 5065 - Crash in suite plugins - test_dna_max_value (#5108) +- Issue 5247 - BUG - Missing attributes in samba schema (#5248) +- Issue 5242- Craft message may crash the server (#5243) +- Issue 4775 -plugin entryuuid failing (#5229) +- Issue 5239 - Nightly copr builds are broken +- Issue 5237 - audit-ci: Cannot convert undefined or null to object +- Issue 5234 - UI - rename Users and Groups tab +- Issue 5227 - UI - No way to move back to Get Started step (#5233) +- Issue 5217 - Simplify instance creation and administration by non root user (#5224) diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..323fbd6 --- /dev/null +++ b/gating.yaml @@ -0,0 +1,15 @@ +--- !Policy +product_versions: + - fedora-* +decision_contexts: [bodhi_update_push_testing] +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + +--- !Policy +product_versions: + - fedora-* +decision_contexts: [bodhi_update_push_stable] +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} diff --git a/jemalloc-5.3.0_throw_bad_alloc.patch b/jemalloc-5.3.0_throw_bad_alloc.patch new file mode 100644 index 0000000..94e4d36 --- /dev/null +++ b/jemalloc-5.3.0_throw_bad_alloc.patch @@ -0,0 +1,41 @@ +#commit 3de0c24859f4413bf03448249078169bb50bda0f +#Author: divanorama +#Date: Thu Sep 29 23:35:59 2022 +0200 +# +# Disable builtin malloc in tests +# +# With `--with-jemalloc-prefix=` and without `-fno-builtin` or `-O1` both clang and gcc may optimize out `malloc` calls +# whose result is unused. Comparing result to NULL also doesn't necessarily count as being used. +# +# This won't be a problem in most client programs as this only concerns really unused pointers, but in +# tests it's important to actually execute allocations. +# `-fno-builtin` should disable this optimization for both gcc and clang, and applying it only to tests code shouldn't hopefully be an issue. +# Another alternative is to force "use" of result but that'd require more changes and may miss some other optimization-related issues. +# +# This should resolve https://github.com/jemalloc/jemalloc/issues/2091 +# +#diff --git a/Makefile.in b/Makefile.in +#index 6809fb29..a964f07e 100644 +#--- a/Makefile.in +#+++ b/Makefile.in +#@@ -458,6 +458,8 @@ $(TESTS_OBJS): $(objroot)test/%.$(O): $(srcroot)test/%.c +# $(TESTS_CPP_OBJS): $(objroot)test/%.$(O): $(srcroot)test/%.cpp +# $(TESTS_OBJS): CPPFLAGS += -I$(srcroot)test/include -I$(objroot)test/include +# $(TESTS_CPP_OBJS): CPPFLAGS += -I$(srcroot)test/include -I$(objroot)test/include +#+$(TESTS_OBJS): CFLAGS += -fno-builtin +#+$(TESTS_CPP_OBJS): CPPFLAGS += -fno-builtin +# ifneq ($(IMPORTLIB),$(SO)) +# $(CPP_OBJS) $(C_SYM_OBJS) $(C_OBJS) $(C_JET_SYM_OBJS) $(C_JET_OBJS): CPPFLAGS += -DDLLEXPORT +# endif +diff --git a/src/jemalloc_cpp.cpp b/src/jemalloc_cpp.cpp +index fffd6aee..5a682991 100644 +--- a/src/jemalloc_cpp.cpp ++++ b/src/jemalloc_cpp.cpp +@@ -93,7 +93,7 @@ handleOOM(std::size_t size, bool nothrow) { + } + + if (ptr == nullptr && !nothrow) +- std::__throw_bad_alloc(); ++ throw std::bad_alloc(); + return ptr; + } diff --git a/main.fmf b/main.fmf new file mode 100644 index 0000000..76d16bf --- /dev/null +++ b/main.fmf @@ -0,0 +1,17 @@ +/plan: + summary: Basic test suite + discover: + how: fmf + execute: + how: tmt + prepare: + - name: install required packages + how: install + package: [389-ds-base, git, pytest] + - name: clone repo + how: shell + script: git clone https://github.com/389ds/389-ds-base /root/ds +/test: + /upstream_basic: + test: pytest -v /root/ds/dirsrvtests/tests/suites/basic/basic_test.py + duration: 30m diff --git a/sources b/sources index 32f1883..7004305 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ -SHA512 (jemalloc-5.2.0.tar.bz2) = e3be4d534770126caf10f2684aed9fe4ba1422dd47625fe50343cfb750f26eff869fcc7d1e30a96dd6c73f6614c4bbcd560fd24fc26b55ac731c43e60fd05234 -SHA512 (389-ds-base-1.4.1.6.tar.bz2) = 0a943453cbcd8b43b4fdc58563c8802d9270d9a3cf4dcd76e3f77168d45e84b8e07d8df8ddadb09ba9294e7ba7e9304ce329bc37edeb16a9161797c902fadc1c +SHA512 (jemalloc-5.3.0.tar.bz2) = 22907bb052096e2caffb6e4e23548aecc5cc9283dce476896a2b1127eee64170e3562fa2e7db9571298814a7a2c7df6e8d1fbe152bd3f3b0c1abec22a2de34b1 +SHA512 (libdb-5.3.28-59.tar.bz2) = 731a434fa2e6487ebb05c458b0437456eb9f7991284beb08cb3e21931e23bdeddddbc95bfabe3a2f9f029fe69cd33a2d4f0f5ce6a9811e9c3b940cb6fde4bf79 +SHA512 (389-ds-base-3.2.0.tar.bz2) = 9ff6aa56b30863c619f4f324344dca72cc883236bfe8d94520e8469d9e306f54b373ee2504eda18dcb0ecda33f915a3e64a6f3cdaa93a69b74d901caa48545e1 diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index 4643f2f..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- hosts: localhost - remote_user: root - vars: - ds_repo_url: https://pagure.io/389-ds-base.git - ds_repo_dir: ds - ds_tests: "{{ ds_repo_dir }}/dirsrvtests/tests" - pytest: py.test-3 - pytest_args: "-v --continue-on-collection-errors" - pytest_tests: "suites/basic" - artifacts: ./artifacts - roles: - - role: standard-test-basic - tags: - - classic - repositories: - - repo: "{{ ds_repo_url }}" - dest: "{{ ds_repo_dir }}" - tests: - - basic: - dir: "{{ ds_tests }}" - run: "{{ pytest }} {{ pytest_args }} {{ pytest_tests }}" - required_packages: - - python3-pytest - - 389-ds-base - - 389-ds-base-snmp - - 389-ds-base-legacy-tools