From f3fafbc5183b0e2f96a5bb058e20628531ce165d Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 22 Aug 2017 10:32:21 -0400
Subject: [PATCH 01/26] Bump verison to 1.3.7.2 Ticket 49038 - Fix regression
 from legacy code cleanup Ticket 49295 - Fix CI tests Ticket 48067 - Add
 bugzilla tests for ds_logs Ticket 49356 - mapping tree crash can occur during
 tot init Ticket 49275 - fix compiler warns for gcc 7 Ticket 49248 - Add a
 docstring to account locking test case Ticket 49445 - remove dead code Ticket
 48081 - Add regression tests for pwpolicy Ticket 48056 - Add docstrings to
 basic test suite Ticket 49349 - global name 'imap' is not defined Ticket 83 -
 lib389 - Fix tests and create_test.py Ticket 48185 - Remove
 referint-logchanges attr from referint's config Ticket 48081 - Add regression
 tests for pwpolicy Ticket 83 - lib389 - Replace topology agmt objects Ticket
 49331 - change autoscaling defaults Ticket 49330 - Improve ndn cache
 performance. Ticket 49347 - reproducable build numbers Ticket 39344 -
 changelog ldif import fails Ticket 49337 - Add regression tests for import
 tests Ticket 49309 - syntax checking on referint's delay attr Ticket 49336 -
 SECURITY: Locked account provides different return code Ticket 49332 - Event
 queue is not working Ticket 49313 - Change the retrochangelog default cache
 size Ticket 49329 - Descriptive error msg for USN cleanup task Ticket 49328 -
 Cleanup source code Ticket 49299 - Add normalized dn cache stats to dbmon.sh
 Ticket 49290 - improve idl handling in complex searches Ticket 49328 - Update
 clang-format config file Ticket 49091 - remove usage of changelog semaphore
 Ticket 49275 - shadow warnings for gcc7 - pass 1 Ticket 49316 - fix missing
 not condition in clock cleanu Ticket 49038 - Remove legacy replication Ticket
 49287 - v3 extend csnpl handling to multiple backends Ticket 49310 - remove
 sds logging in debug builds Ticket 49031 - Improve memberof with a cache of
 group parents Ticket 49316 - Fix clock unsafety in DS Ticket 48210 - Add IP
 addr and connid to monitor output Ticket 49295 - Fix CI tests and compiler
 warnings Ticket 49295 - Fix CI tests Ticket 49305 - Improve atomic behaviours
 in 389-ds Ticket 49298 - fix missing header Ticket 49314 - Add untracked
 files to the .gitignore Ticket 49303 - Fix error in CI test Ticket 49302 -
 fix dirsrv importst due to lib389 change Ticket 49303 - Add option to disable
 TLS client-initiated renegotiation Ticket 49298 - force sync() on shutdown
 Ticket 49306 - make -f rpm.mk rpms produces build without tcmalloc enabled
 Ticket 49297 - improve search perf in bpt by removing a deref Ticket 49284 -
 resolve crash in memberof when deleting attrs Ticket 49290 - unindexed range
 searches don't provide notes=U Ticket 49301 - Add one logpipe test case

---
 .gitignore       |  1 +
 389-ds-base.spec | 91 ++++++++++++++++++++++++++++++------------------
 sources          |  2 +-
 3 files changed, 59 insertions(+), 35 deletions(-)

diff --git a/.gitignore b/.gitignore
index 124c0ed..6a25292 100644
--- a/.gitignore
+++ b/.gitignore
@@ -147,3 +147,4 @@
 /389-ds-base-1.3.6.5.tar.bz2
 /389-ds-base-1.3.6.6.tar.bz2
 /389-ds-base-1.3.7.1.tar.bz2
+/389-ds-base-1.3.7.2.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index 5616ce7..5d5f06d 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -8,8 +8,6 @@
 # also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
 #% global relprefix 0.
 
-%global use_openldap 1
-%global use_db4 0
 # If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
 %global use_Socket6 0
 
@@ -31,8 +29,8 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.7.1
-Release:          %{?relprefix}2%{?prerel}%{?dist}.5
+Version:          1.3.7.2
+Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
 Group:            System Environment/Daemons
@@ -46,16 +44,8 @@ BuildRequires:    nspr-devel
 BuildRequires:    nss-devel
 BuildRequires:    perl-generators
 BuildRequires:    svrcore-devel >= 4.1.3
-%if %{use_openldap}
 BuildRequires:    openldap-devel
-%else
-BuildRequires:    mozldap-devel
-%endif
-%if %{use_db4}
-BuildRequires:    db4-devel
-%else
 BuildRequires:    libdb-devel
-%endif
 BuildRequires:    cyrus-sasl-devel
 BuildRequires:    icu
 BuildRequires:    libicu-devel
@@ -99,11 +89,8 @@ Requires:         /usr/sbin/semanage
 Requires:         libsemanage-python
 
 # the following are needed for some of our scripts
-%if %{use_openldap}
 Requires:         openldap-clients
-%else
-Requires:         mozldap-tools
-%endif
+
 # use_openldap assumes perl-Mozilla-LDAP is built with openldap support
 Requires:         perl-Mozilla-LDAP
 
@@ -117,11 +104,7 @@ Requires:         cyrus-sasl-gssapi
 Requires:         cyrus-sasl-md5
 
 # this is needed for verify-db.pl
-%if %{use_db4}
-Requires:         db4-utils
-%else
 Requires:         libdb-utils
-%endif
 
 # This picks up libperl.so as a Requires, so we add this versioned one
 Requires:         perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
@@ -163,16 +146,8 @@ Group:            System Environment/Daemons
 BuildRequires:    nspr-devel
 BuildRequires:    nss-devel
 BuildRequires:    svrcore-devel >= 4.1.3
-%if %{use_openldap}
 BuildRequires:    openldap-devel
-%else
-BuildRequires:    mozldap-devel
-%endif
-%if %{use_db4}
-BuildRequires:    db4-devel
-%else
 BuildRequires:    libdb-devel
-%endif
 BuildRequires:    cyrus-sasl-devel
 BuildRequires:    libicu-devel
 BuildRequires:    pcre-devel
@@ -195,11 +170,7 @@ Requires:         pkgconfig
 Requires:         nspr-devel
 Requires:         nss-devel
 Requires:         svrcore-devel >= 4.1.3
-%if %{use_openldap}
 Requires:         openldap-devel
-%else
-Requires:         mozldap-devel
-%endif
 Requires:         libtalloc
 Requires:         libevent
 Requires:         libtevent
@@ -240,9 +211,7 @@ sed -r -i '1s|^#!\s*/usr/bin.*python.*|#!%{__python3}|' ldap/admin/src/scripts/{
 
 %build
 
-%if %{use_openldap}
 OPENLDAP_FLAG="--with-openldap"
-%endif
 %{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
 # hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
 NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
@@ -507,6 +476,60 @@ fi
 %{python3_sitelib}/*
 
 %changelog
+* Tue Aug 22 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.2-1
+- Bump verison to 1.3.7.2
+- Ticket 49038 - Fix regression from legacy code cleanup
+- Ticket 49295 - Fix CI tests
+- Ticket 48067 - Add bugzilla tests for ds_logs
+- Ticket 49356 - mapping tree crash can occur during tot init
+- Ticket 49275 - fix compiler warns for gcc 7
+- Ticket 49248 - Add a docstring to account locking test case
+- Ticket 49445 - remove dead code
+- Ticket 48081 - Add regression tests for pwpolicy
+- Ticket 48056 - Add docstrings to basic test suite
+- Ticket 49349 - global name 'imap' is not defined
+- Ticket 83 - lib389 - Fix tests and create_test.py
+- Ticket 48185 - Remove referint-logchanges attr from referint's config
+- Ticket 48081 - Add regression tests for pwpolicy
+- Ticket 83 - lib389 - Replace topology agmt objects
+- Ticket 49331 - change autoscaling defaults
+- Ticket 49330 - Improve ndn cache performance.
+- Ticket 49347 - reproducable build numbers
+- Ticket 39344 - changelog ldif import fails
+- Ticket 49337 - Add regression tests for import tests
+- Ticket 49309 - syntax checking on referint's delay attr
+- Ticket 49336 - SECURITY: Locked account provides different return code
+- Ticket 49332 - Event queue is not working
+- Ticket 49313 - Change the retrochangelog default cache size
+- Ticket 49329 - Descriptive error msg for USN cleanup task
+- Ticket 49328 - Cleanup source code
+- Ticket 49299 - Add normalized dn cache stats to dbmon.sh
+- Ticket 49290 - improve idl handling in complex searches
+- Ticket 49328 - Update clang-format config file
+- Ticket 49091 - remove usage of changelog semaphore
+- Ticket 49275 - shadow warnings for gcc7 - pass 1
+- Ticket 49316 - fix missing not condition in clock cleanu
+- Ticket 49038 - Remove legacy replication
+- Ticket 49287 - v3 extend csnpl handling to multiple backends
+- Ticket 49310 - remove sds logging in debug builds
+- Ticket 49031 - Improve memberof with a cache of group parents
+- Ticket 49316 - Fix clock unsafety in DS
+- Ticket 48210 - Add IP addr and connid to monitor output
+- Ticket 49295 - Fix CI tests and compiler warnings
+- Ticket 49295 - Fix CI tests
+- Ticket 49305 - Improve atomic behaviours in 389-ds
+- Ticket 49298 - fix missing header
+- Ticket 49314 - Add untracked files to the .gitignore
+- Ticket 49303 - Fix error in CI test
+- Ticket 49302 - fix dirsrv importst due to lib389 change
+- Ticket 49303 - Add option to disable TLS client-initiated renegotiation
+- Ticket 49298 - force sync() on shutdown
+- Ticket 49306 - make -f rpm.mk rpms produces build without tcmalloc enabled
+- Ticket 49297 - improve search perf in bpt by removing a deref
+- Ticket 49284 - resolve crash in memberof when deleting attrs
+- Ticket 49290 - unindexed range searches don't provide notes=U
+- Ticket 49301 - Add one logpipe test case
+
 * Fri Aug 11 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.3.7.1-2.5
 - Rebuilt after RPM update (№ 3)
 
diff --git a/sources b/sources
index d5e411e..460372d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.7.1.tar.bz2) = cc8985afe08b7f3ae637b92f12f846dcc452291ee56e5333840d93edf83ba89c6516342eb7fc302f2a0981508d5ec15b05e5c41dc327dd2af7276b2fdab83a1f
+SHA512 (389-ds-base-1.3.7.2.tar.bz2) = 3dd942cff18acfc7453f5798dfe9925c04b918e3d2760bbec1cd35571ea9c619e9652b71c8dc5407ffe89398217454d744e336ff5d201c93699e3dba1077aac9

From 81279ee535a289c9d85338441599227c9893916e Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Fri, 1 Sep 2017 10:50:09 -0400
Subject: [PATCH 02/26] Bump version to 1.3.7.3 Ticket 49354 - fix regression
 in total init due to mistake in range fetch Ticket 49370 - local password
 policies should use the same defaults as the global policy Ticket 48989 -
 Delete slow lib389 test Ticket 49367 - missing braces in idsktune Ticket
 49364 - incorrect function declaration. Ticket 49275 - fix tls auth
 regression Ticket 49038 - Revise creation of cn=replication,cn=config Ticket
 49368 - Fix typo in log message Ticket 48059 - Add docstrings to CLU tests
 Ticket 47840 - Add docstrings to setup tests Ticket 49348 - support perlless
 and wrapperless install

---
 .gitignore       |  1 +
 389-ds-base.spec | 16 +++++++++++++++-
 sources          |  2 +-
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 6a25292..db86e23 100644
--- a/.gitignore
+++ b/.gitignore
@@ -148,3 +148,4 @@
 /389-ds-base-1.3.6.6.tar.bz2
 /389-ds-base-1.3.7.1.tar.bz2
 /389-ds-base-1.3.7.2.tar.bz2
+/389-ds-base-1.3.7.3.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index 5d5f06d..f421fb4 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.7.2
+Version:          1.3.7.3
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
@@ -476,6 +476,20 @@ fi
 %{python3_sitelib}/*
 
 %changelog
+* Fri Sep 1 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.3-1
+- Bump version to 1.3.7.3
+- Ticket 49354 - fix regression in total init due to mistake in range fetch
+- Ticket 49370 - local password policies should use the same defaults as the global policy
+- Ticket 48989 - Delete slow lib389 test
+- Ticket 49367 - missing braces in idsktune
+- Ticket 49364 - incorrect function declaration.
+- Ticket 49275 - fix tls auth regression
+- Ticket 49038 - Revise creation of cn=replication,cn=config
+- Ticket 49368 - Fix typo in log message
+- Ticket 48059 - Add docstrings to CLU tests
+- Ticket 47840 - Add docstrings to setup tests
+- Ticket 49348 - support perlless and wrapperless install
+
 * Tue Aug 22 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.2-1
 - Bump verison to 1.3.7.2
 - Ticket 49038 - Fix regression from legacy code cleanup
diff --git a/sources b/sources
index 460372d..137d209 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.7.2.tar.bz2) = 3dd942cff18acfc7453f5798dfe9925c04b918e3d2760bbec1cd35571ea9c619e9652b71c8dc5407ffe89398217454d744e336ff5d201c93699e3dba1077aac9
+SHA512 (389-ds-base-1.3.7.3.tar.bz2) = 1f1fa3cbe44af3cdbb205fc49790ccdf66d9653849c537a8c32b57477fb66b91697c1da58112aa0bacfdcdf2a7925365904dc7f4488ece258159c5c74f850aba

From 40e60f161f7d697d207faf1b8814f82c450246ce Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Wed, 6 Sep 2017 09:45:10 -0400
Subject: [PATCH 03/26] Bump version to 1.3.7.4 Ticket 49371 - Cleanup update
 script Ticket 48831 - Autotune dncache with entry cache. Ticket 49312 -
 pwdhash -D used default hash algo Ticket 49043 - make replication conflicts
 transparent to clients Ticket 49371 - Fix rpm build Ticket 49371 - Template
 dse.ldif did not contain all needed plugins Ticket 49295 - Fix CI Tests
 Ticket 49050 - make objectclass ldapsubentry effective immediately

---
 .gitignore       |  1 +
 389-ds-base.spec | 15 +++++++++++++--
 sources          |  2 +-
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index db86e23..20e715a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -149,3 +149,4 @@
 /389-ds-base-1.3.7.1.tar.bz2
 /389-ds-base-1.3.7.2.tar.bz2
 /389-ds-base-1.3.7.3.tar.bz2
+/389-ds-base-1.3.7.4.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index f421fb4..c3a1c92 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.7.3
+Version:          1.3.7.4
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
@@ -185,7 +185,7 @@ Group:            System Environment/Daemons
 Requires:         %{name} = %{version}-%{release}
 
 # upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
-Obsoletes:        %{name} <= 1.3.6.2
+Obsoletes:        %{name} <= 1.3.7.3
 
 %description      snmp
 SNMP Agent for the 389 Directory Server base package.
@@ -476,6 +476,17 @@ fi
 %{python3_sitelib}/*
 
 %changelog
+* Wed Sep 6 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.4-1
+- Bump version to 1.3.7.4
+- Ticket 49371 - Cleanup update script
+- Ticket 48831 - Autotune dncache with entry cache.
+- Ticket 49312 - pwdhash -D used default hash algo
+- Ticket 49043 - make replication conflicts transparent to clients
+- Ticket 49371 - Fix rpm build
+- Ticket 49371 - Template dse.ldif did not contain all needed plugins
+- Ticket 49295 - Fix CI Tests
+- Ticket 49050 - make objectclass ldapsubentry effective immediately
+
 * Fri Sep 1 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.3-1
 - Bump version to 1.3.7.3
 - Ticket 49354 - fix regression in total init due to mistake in range fetch
diff --git a/sources b/sources
index 137d209..d833165 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.7.3.tar.bz2) = 1f1fa3cbe44af3cdbb205fc49790ccdf66d9653849c537a8c32b57477fb66b91697c1da58112aa0bacfdcdf2a7925365904dc7f4488ece258159c5c74f850aba
+SHA512 (389-ds-base-1.3.7.4.tar.bz2) = 0e16a497a309c7f5364d1ef1c871f59b639f2b7ff29cea14697cb451aa105c01d11f2111427de3dbc6893cd354bcc77066ef1e0db248df1e14177b1045d74038

From 5f55302a1fbb8708218199c4683b10d503bb5cc1 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Wed, 6 Sep 2017 10:32:33 -0400
Subject: [PATCH 04/26] Update source location

---
 389-ds-base.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/389-ds-base.spec b/389-ds-base.spec
index c3a1c92..4b7f462 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -131,7 +131,7 @@ Requires:         svrcore >= 4.1.3
 # upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
 Obsoletes:        %{name} <= 1.3.5.4
 
-Source0:          http://www.port389.org/binaries/%{name}-%{version}%{?prerel}.tar.bz2
+Source0:          https://releases.pagure.org/389-ds-base/%{name}-%{version}%{?prerel}.tar.bz2
 # 389-ds-git.sh should be used to generate the source tarball from git
 Source1:          %{name}-git.sh
 Source2:          %{name}-devel.README

From 5d891d78f923694e46343719a3072018b1bfaef7 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Fri, 22 Sep 2017 13:09:13 -0400
Subject: [PATCH 05/26] Bump version to 1.3.7.5 Ticket 49327 - Add CI test for
 password expiration controls Ticket 48085 - CI tests - replication ruvstore
 Ticket 49381 - Refactor numerous suite docstrings Ticket 48085 - CI tests -
 replication cl5 Ticket 49379 - Allowed sasl mapping requires restart Ticket
 49327 - password expired control not sent during grace logins Ticket 49380 -
 Add CI test Ticket 83 - Fix create_test.py imports Ticket 49381 - Add
 docstrings to ds_logs, gssapi_repl, betxn Ticket 49380 - Crash when adding
 invalid replication agreement Ticket 48081 - CI test - password Ticket 49295
 - Fix CI tests Ticket 49295 - Fix CI test for account policy Ticket 49295 -
 Fix CI tests Ticket 49373 - remove unused header file

---
 .gitignore       |  1 +
 389-ds-base.spec | 20 +++++++++++++++++++-
 sources          |  2 +-
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 20e715a..5d68147 100644
--- a/.gitignore
+++ b/.gitignore
@@ -150,3 +150,4 @@
 /389-ds-base-1.3.7.2.tar.bz2
 /389-ds-base-1.3.7.3.tar.bz2
 /389-ds-base-1.3.7.4.tar.bz2
+/389-ds-base-1.3.7.5.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index 4b7f462..fb70b9d 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.7.4
+Version:          1.3.7.5
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
@@ -476,6 +476,24 @@ fi
 %{python3_sitelib}/*
 
 %changelog
+* Fri Sep 22 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.5-1
+- Bump version to 1.3.7.5
+- Ticket 49327 - Add CI test for password expiration controls
+- Ticket #48085 - CI tests - replication ruvstore
+- Ticket 49381 - Refactor numerous suite docstrings
+- Ticket #48085 - CI tests - replication cl5
+- Ticket 49379 - Allowed sasl mapping requires restart
+- Ticket 49327 - password expired control not sent during grace logins
+- Ticket 49380 - Add CI test
+- Ticket 83 - Fix create_test.py imports
+- Ticket 49381 - Add docstrings to ds_logs, gssapi_repl, betxn
+- Ticket 49380 - Crash when adding invalid replication agreement
+- Ticket 48081 - CI test - password
+- Ticket 49295 - Fix CI tests
+- Ticket 49295 - Fix CI test for account policy
+- Ticket 49295 - Fix CI tests
+- Ticket 49373 - remove unused header file
+
 * Wed Sep 6 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.4-1
 - Bump version to 1.3.7.4
 - Ticket 49371 - Cleanup update script
diff --git a/sources b/sources
index d833165..0c54cb9 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.7.4.tar.bz2) = 0e16a497a309c7f5364d1ef1c871f59b639f2b7ff29cea14697cb451aa105c01d11f2111427de3dbc6893cd354bcc77066ef1e0db248df1e14177b1045d74038
+SHA512 (389-ds-base-1.3.7.5.tar.bz2) = 13cdb8839064f7db34e9b2f7447e9049a22f34bedd01c4ddea1c413224af366bcc015f1e73230031b251db58bc4c5ab4cfd7ec18b0146bce74e4cab7a976d866

From 6029f982cfc2e49203550b9c7474df94b14e58da Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Mon, 9 Oct 2017 10:56:33 -0400
Subject: [PATCH 06/26] Bump verson to 1.3.7.6 Ticket 49038 - remove legacy
 replication - change cleanup script precedence Ticket 49392 - memavailable
 not available Ticket 49320 - Activating already active role returns error 16
 Ticket 49389 - unable to retrieve specific cosAttribute when subtree password
 policy is configured Ticket 49092 - Add CI test for schema-reload Ticket
 49388 - repl-monitor - matches null string many times in regex Ticket 49385 -
 Fix coverity warnings Ticket 49305 - Need to wrap atomic calls Ticket 49180 -
 errors log filled with attrlist_replace - attr_replace

---
 .gitignore       |  1 +
 389-ds-base.spec | 18 +++++++++++++++---
 sources          |  2 +-
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index 5d68147..9d1585b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -151,3 +151,4 @@
 /389-ds-base-1.3.7.3.tar.bz2
 /389-ds-base-1.3.7.4.tar.bz2
 /389-ds-base-1.3.7.5.tar.bz2
+/389-ds-base-1.3.7.6.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index fb70b9d..43d1373 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.7.5
+Version:          1.3.7.6
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
@@ -332,9 +332,9 @@ echo remove pid files . . . >> $output 2>&1 || :
 echo upgrading instances . . . >> $output 2>&1 || :
 DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
 if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
-    %{_sbindir}/setup-ds.pl -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
+    %{_sbindir}/setup-ds.pl -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
 else
-    %{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || :
+    %{_sbindir}/setup-ds.pl -u -s General.UpdateMode=offline >> $output 2>&1 || :
 fi
 
 # restart instances that require it
@@ -476,6 +476,18 @@ fi
 %{python3_sitelib}/*
 
 %changelog
+* Mon Oct 9 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.6-1
+- Bump verson to 1.3.7.6
+- Ticket 49038 - remove legacy replication - change cleanup script precedence
+- Ticket 49392 - memavailable not available
+- Ticket 49320 - Activating already active role returns error 16
+- Ticket 49389 - unable to retrieve specific cosAttribute when subtree password policy is configured
+- Ticket 49092 - Add CI test for schema-reload
+- Ticket 49388 - repl-monitor - matches null string many times in regex
+- Ticket 49385 - Fix coverity warnings
+- Ticket 49305 - Need to wrap atomic calls
+- Ticket 49180 - errors log filled with attrlist_replace - attr_replace
+
 * Fri Sep 22 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.5-1
 - Bump version to 1.3.7.5
 - Ticket 49327 - Add CI test for password expiration controls
diff --git a/sources b/sources
index 0c54cb9..6051f60 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.7.5.tar.bz2) = 13cdb8839064f7db34e9b2f7447e9049a22f34bedd01c4ddea1c413224af366bcc015f1e73230031b251db58bc4c5ab4cfd7ec18b0146bce74e4cab7a976d866
+SHA512 (389-ds-base-1.3.7.6.tar.bz2) = 4a0c50b9b88c9e29e7a16b17ddab4c2930e0519e8bb61f93326e3afefd73808bfbd197d4eb5f670cef1804acaca19e8c4e29c4daa3a7248941d8621119581183

From c64ff57a364f9ced21b6a40dbb87792372d638d2 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Wed, 18 Oct 2017 15:51:19 -0400
Subject: [PATCH 07/26] Set selinux-policy version

---
 389-ds-base.spec | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/389-ds-base.spec b/389-ds-base.spec
index 43d1373..8318cbc 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -88,6 +88,8 @@ Requires:         policycoreutils-python-utils
 Requires:         /usr/sbin/semanage
 Requires:         libsemanage-python
 
+Requires:         selinux-policy >= 3.13.1-137
+
 # the following are needed for some of our scripts
 Requires:         openldap-clients
 

From 8a1c73836d1f8327f0a639aa13db747afb2daa4f Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Fri, 3 Nov 2017 14:35:36 -0400
Subject: [PATCH 08/26] Bump version to 1.3.7.7 Ticket 48393 - fix copy and
 paste error Ticket 49439 - cleanallruv is not logging information Ticket
 48393 - Improve replication config validation Ticket 49436 - double free in
 COS in some conditions Ticket 48007 - CI test to test changelog trimming
 interval Ticket 49424 - Resolve csiphash alignment issues Ticket 49401 - Fix
 compiler incompatible-pointer-types warnings Ticket 49401 - improve valueset
 sorted performance on delete Ticket 48894 - harden
 valueset_array_to_sorted_quick valueset  access Ticket 48681 - Use of
 uninitialized value in string ne at /usr/bin/logconv.pl Ticket 49374 - server
 fails to start because maxdisksize is recognized incorrectly Ticket 49408 -
 Server allows to set any nsds5replicaid in the existing replica entry Ticket
 49407 - status-dirsrv shows ellipsed lines Ticket 48681 - Use of
 uninitialized value in string ne at /usr/bin/logconv.pl line 2565, <$LOGFH>
 line 4 Ticket 49386 - Memberof should be ignore MODRDN when the pre/post
 entry are identical Ticket 48006 - Missing warning for invalid replica
 backoff  configuration Ticket 49378 - server init fails Ticket 49064 -
 testcase hardening Ticket 49064 - RFE allow to enable MemberOf plugin in
 dedicated consumer Ticket 49402 - Adding a database entry with the same
 database name that was deleted hangs server at shutdown Ticket 49394 -
 slapi_pblock_get may leave unchanged the provided variable Ticket 48235 -
 remove memberof lock (cherry-pick error) Ticket 48235 - Remove memberOf
 global lock Ticket 49363 - Merge lib389, all lib389 history in single patch

---
 .gitignore       |  1 +
 389-ds-base.spec | 94 +++++++++++++++++++++++++++++++++++++++++++-----
 sources          |  2 +-
 3 files changed, 88 insertions(+), 9 deletions(-)

diff --git a/.gitignore b/.gitignore
index 9d1585b..785cadf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -152,3 +152,4 @@
 /389-ds-base-1.3.7.4.tar.bz2
 /389-ds-base-1.3.7.5.tar.bz2
 /389-ds-base-1.3.7.6.tar.bz2
+/389-ds-base-1.3.7.7.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index 8318cbc..43a56ec 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.7.6
+Version:          1.3.7.7
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
@@ -70,6 +70,9 @@ BuildRequires:    libtool
 BuildRequires:    doxygen
 # For tests!
 BuildRequires:    libcmocka-devel
+BuildRequires:    python%{python3_pkgversion}
+BuildRequires:    python%{python3_pkgversion}-devel
+BuildRequires:    python%{python3_pkgversion}-setuptools
 BuildRequires:    libevent-devel
 %if %{use_tcmalloc}
 BuildRequires:    gperftools-devel
@@ -192,13 +195,33 @@ Obsoletes:        %{name} <= 1.3.7.3
 %description      snmp
 SNMP Agent for the 389 Directory Server base package.
 
+%package -n python%{python3_pkgversion}-lib389
+Summary:  A library for accessing, testing, and configuring the 389 Directory Server
+BuildArch:        noarch
+Group:            Development/Libraries
+Requires: krb5-workstation
+Requires: krb5-server
+Requires: openssl
+Requires: iproute
+Requires: python%{python3_pkgversion}
+Requires: python%{python3_pkgversion}-pytest
+Requires: python%{python3_pkgversion}-pyldap
+Requires: python%{python3_pkgversion}-six
+Requires: python%{python3_pkgversion}-pyasn1
+Requires: python%{python3_pkgversion}-pyasn1-modules
+Requires: python%{python3_pkgversion}-dateutil
+%{?python_provide:%python_provide python%{python3_pkgversion}-lib389}
+
+%description -n python%{python3_pkgversion}-lib389
+This module contains tools and libraries for accessing, testing,
+ and configuring the 389 Directory Server.
+
 %package -n python%{python3_pkgversion}-%{srcname}-tests
 Summary:          The lib389 Continuous Integration Tests
 Group:            Development/Libraries
 BuildArch:        noarch
+Requires:         python%{python3_pkgversion}
 Requires:         python%{python3_pkgversion}-lib389
-BuildRequires:    python%{python3_pkgversion}-devel
-BuildRequires:    python%{python3_pkgversion}-setuptools
 
 %description  -n  python%{python3_pkgversion}-%{srcname}-tests
 The lib389 CI tests that can be run against the Directory Server.
@@ -230,18 +253,25 @@ autoreconf -fiv
            --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
            --with-perldir=/usr/bin \
            --with-pythonexec=%{__python3} \
-           --with-systemdgroupname=%{groupname} $NSSARGS $NUNC_STANS_FLAGS \
-           --with-systemd --enable-nunc-stans $TCMALLOC_FLAGS
+           --with-systemdgroupname=%{groupname} $NSSARGS \
+           --with-systemd $TCMALLOC_FLAGS
 
 # Generate symbolic info for debuggers
 export XCFLAGS=$RPM_OPT_FLAGS
 
 make %{?_smp_mflags}
 
+%if 0%{?rhel} >= 8 || 0%{?fedora}
 make setup.py
 
-#%py2_build
+# lib389
+pushd ./src/lib389
 %py3_build
+popd
+
+# tests
+%py3_build
+%endif
 
 %install
 
@@ -251,8 +281,16 @@ mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir}
 # Copy in our docs from doxygen.
 cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3
 
-#%py2_install
+%if 0%{?rhel} >= 8 || 0%{?fedora}
+# lib389
+pushd src/lib389
 %py3_install
+popd
+
+# tests
+%py3_install
+%endif
+
 
 mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
 mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
@@ -472,12 +510,52 @@ fi
 %{_mandir}/man1/ldap-agent.1.gz
 %{_unitdir}/%{pkgname}-snmp.service
 
+%if 0%{?rhel} >= 8 || 0%{?fedora}
+%files -n python%{python3_pkgversion}-lib389
+%defattr(-,root,root,-)
+%doc LICENSE LICENSE.GPLv3+
+%{_sbindir}/dsconf
+%{_sbindir}/dscreate
+%{_sbindir}/dsctl
+%{_sbindir}/dsidm
+%{python3_sitelib}/lib389*
+%endif
+
+%if 0%{?rhel} >= 8 || 0%{?fedora}
 %files -n python%{python3_pkgversion}-%{srcname}-tests
 %defattr(-,root,root,-)
 %doc LICENSE LICENSE.GPLv3+
-%{python3_sitelib}/*
+%{python3_sitelib}/dirsrvtests*
+%endif
 
 %changelog
+* Fri Nov 3 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.7-1
+- Bump version to 1.3.7.7
+- Ticket 48393 - fix copy and paste error
+- Ticket 49439 - cleanallruv is not logging information
+- Ticket 48393 - Improve replication config validation
+- Ticket 49436 - double free in COS in some conditions
+- Ticket 48007 - CI test to test changelog trimming interval
+- Ticket 49424 - Resolve csiphash alignment issues
+- Ticket 49401 - Fix compiler incompatible-pointer-types warnings
+- Ticket 49401 - improve valueset sorted performance on delete
+- Ticket 48894 - harden valueset_array_to_sorted_quick valueset  access
+- Ticket 48681 - Use of uninitialized value in string ne at /usr/bin/logconv.pl
+- Ticket 49374 - server fails to start because maxdisksize is recognized incorrectly
+- Ticket 49408 - Server allows to set any nsds5replicaid in the existing replica entry
+- Ticket 49407 - status-dirsrv shows ellipsed lines
+- Ticket 48681 - Use of uninitialized value in string ne at /usr/bin/logconv.pl line 2565, <$LOGFH> line 4
+- Ticket 49386 - Memberof should be ignore MODRDN when the pre/post entry are identical
+- Ticket 48006 - Missing warning for invalid replica backoff  configuration
+- Ticket 49378 - server init fails
+- Ticket 49064 - testcase hardening
+- Ticket 49064 - RFE allow to enable MemberOf plugin in dedicated consumer
+- Ticket 49402 - Adding a database entry with the same database name that was deleted hangs server at shutdown
+- Ticket 49394 - slapi_pblock_get may leave unchanged the provided variable
+- Ticket 48235 - remove memberof lock (cherry-pick error)
+- Ticket 48235 - Remove memberOf global lock
+- Ticket 49363 - Merge lib389, all lib389 history in single patch
+
 * Mon Oct 9 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.6-1
 - Bump verson to 1.3.7.6
 - Ticket 49038 - remove legacy replication - change cleanup script precedence
diff --git a/sources b/sources
index 6051f60..f05c94b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.7.6.tar.bz2) = 4a0c50b9b88c9e29e7a16b17ddab4c2930e0519e8bb61f93326e3afefd73808bfbd197d4eb5f670cef1804acaca19e8c4e29c4daa3a7248941d8621119581183
+SHA512 (389-ds-base-1.3.7.7.tar.bz2) = 72b5e330eae73c40d786ae8cfbf563fa70b52a74ab4adacc23bf27ff431a36b2d49e336ae55dc0191bdfd37ceed935935e038871a59a00d08723f1a42f012dfc

From b45cb645acb0e47ad955e3497e6eba881b29c898 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Mon, 20 Nov 2017 11:48:12 -0500
Subject: [PATCH 09/26] Bump version to 1.3.7.8 Ticket 49298 - fix complier
 warn Ticket 49298 - Correct error codes with config restore. Ticket 49435 -
 Fix NS race condition on loaded test systems Ticket 49454 - SSL Client
 Authentication breaks in FIPS mode Ticket 49410 - opened connection can
 remain no longer poll, like hanging Ticket 48118 - fix compiler warning for
 incorrect return type Ticket 49443 - scope one searches in 1.3.7 give
 incorrect results Ticket 48118 - At startup, changelog can be erronously
 rebuilt after a normal shutdown Ticket 49377 - Incoming BER too large with
 TLS on plain port Ticket 49441 - Import crashes with large indexed binary 
 attributes

---
 .gitignore       |  1 +
 389-ds-base.spec | 16 +++++++++++++++-
 sources          |  2 +-
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 785cadf..55d8f24 100644
--- a/.gitignore
+++ b/.gitignore
@@ -153,3 +153,4 @@
 /389-ds-base-1.3.7.5.tar.bz2
 /389-ds-base-1.3.7.6.tar.bz2
 /389-ds-base-1.3.7.7.tar.bz2
+/389-ds-base-1.3.7.8.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index 43a56ec..bf26b98 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.7.7
+Version:          1.3.7.8
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
@@ -95,6 +95,7 @@ Requires:         selinux-policy >= 3.13.1-137
 
 # the following are needed for some of our scripts
 Requires:         openldap-clients
+Requires:         python-ldap
 
 # use_openldap assumes perl-Mozilla-LDAP is built with openldap support
 Requires:         perl-Mozilla-LDAP
@@ -529,6 +530,19 @@ fi
 %endif
 
 %changelog
+* Mon Nov 20 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.8-1
+- Bump version to 1.3.7.8
+- Ticket 49298 - fix complier warn
+- Ticket 49298 - Correct error codes with config restore.
+- Ticket 49435 - Fix NS race condition on loaded test systems
+- Ticket 49454 - SSL Client Authentication breaks in FIPS mode
+- Ticket 49410 - opened connection can remain no longer poll, like hanging
+- Ticket 48118 - fix compiler warning for incorrect return type
+- Ticket 49443 - scope one searches in 1.3.7 give incorrect results
+- Ticket 48118 - At startup, changelog can be erronously rebuilt after a normal shutdown
+- Ticket 49377 - Incoming BER too large with TLS on plain port
+- Ticket 49441 - Import crashes with large indexed binary  attributes
+
 * Fri Nov 3 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.7-1
 - Bump version to 1.3.7.7
 - Ticket 48393 - fix copy and paste error
diff --git a/sources b/sources
index f05c94b..6df7b26 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.7.7.tar.bz2) = 72b5e330eae73c40d786ae8cfbf563fa70b52a74ab4adacc23bf27ff431a36b2d49e336ae55dc0191bdfd37ceed935935e038871a59a00d08723f1a42f012dfc
+SHA512 (389-ds-base-1.3.7.8.tar.bz2) = 356e6582dce0d1aab9f2161d0d21775d19f94f014414f8a835639900834ac62d4f87b6e0a15e10b4479a3ff2e156edd4b9908102e4f74baf4389c99f94430532

From f1bd515c0dc33171a94c4abfa9d8013ca2e40014 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Wed, 31 Jan 2018 13:49:02 -0500
Subject: [PATCH 10/26] Bump version to 1.3.7.9 CVE-2017-15134 - Remote DoS via
 search filters in  slapi_filter_sprintf Ticket 49546 - Fix broken snmp MIB
 file Ticket 49541 - Replica ID config validation fix Ticket 49370 - Crash
 when using a global and local pw  policies Ticket 49540 - Indexing task is
 reported finished too early regarding the backend status Ticket 49534 - Fix
 coverity regression Ticket 49541 - repl config should not allow rid 65535 for
 masters Ticket 49370 - Add all the password policy defaults to a new local
 policy Ticket 49526 - Improve create_test.py script Ticket 49534 - Fix
 coverity issues and regression Ticket 49523 - memberof: schema violation
 error message is confusing as memberof will likely repair target entry Ticket
 49532 - coverity issues - fix compiler warnings & clang issues Ticket 49463 -
 After cleanALLruv, there is a flow of keep alive DEL Ticket 48184 - close
 connections at shutdown cleanly. Ticket 49509 - Indexing of internationalized
 matching rules is failing Ticket 49531 - coverity issues - fix memory leaks
 Ticket 49529 - Fix Coverity warnings: invalid deferences Ticket 49413 -
 Changelog trimming ignores disabled replica-agreement Ticket 49446 -
 cleanallruv should ignore cleaned replica Id in processing changelog if in
 force mode Ticket 49278 - GetEffectiveRights gives false-negative Ticket
 49524 - Password policy: minimum token length fails  when the token length is
 equal to attribute length Ticket 49493 - heap use after free in csn_as_string
 Ticket 49495 - Fix memory management is vattr. Ticket 49471 -
 heap-buffer-overflow in ss_unescape Ticket 49449 - Load sysctl values on rpm
 upgrade. Ticket 49470 - overflow in pblock_get Ticket 49474 - sasl allow
 mechs does not operate correctly Ticket 49460 - replica_write_ruv log a
 failure even when it succeeds

---
 .gitignore       |  1 +
 389-ds-base.spec | 39 +++++++++++++++++++++++++++++++++++----
 sources          |  2 +-
 3 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index 55d8f24..c8a2284 100644
--- a/.gitignore
+++ b/.gitignore
@@ -154,3 +154,4 @@
 /389-ds-base-1.3.7.6.tar.bz2
 /389-ds-base-1.3.7.7.tar.bz2
 /389-ds-base-1.3.7.8.tar.bz2
+/389-ds-base-1.3.7.9.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index bf26b98..bc2adba 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.7.8
+Version:          1.3.7.9
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
@@ -41,7 +41,7 @@ Requires:         %{name}-libs = %{version}-%{release}
 Provides:         ldif2ldbm >= 0
 
 BuildRequires:    nspr-devel
-BuildRequires:    nss-devel
+BuildRequires:    nss-devel >= 3.34
 BuildRequires:    perl-generators
 BuildRequires:    svrcore-devel >= 4.1.3
 BuildRequires:    openldap-devel
@@ -150,7 +150,7 @@ the LDAP server and command line utilities for server administration.
 Summary:          Core libraries for 389 Directory Server
 Group:            System Environment/Daemons
 BuildRequires:    nspr-devel
-BuildRequires:    nss-devel
+BuildRequires:    nss-devel >= 3.34
 BuildRequires:    svrcore-devel >= 4.1.3
 BuildRequires:    openldap-devel
 BuildRequires:    libdb-devel
@@ -174,7 +174,7 @@ Group:            Development/Libraries
 Requires:         %{name}-libs = %{version}-%{release}
 Requires:         pkgconfig
 Requires:         nspr-devel
-Requires:         nss-devel
+Requires:         nss-devel >= 3.34
 Requires:         svrcore-devel >= 4.1.3
 Requires:         openldap-devel
 Requires:         libtalloc
@@ -530,6 +530,37 @@ fi
 %endif
 
 %changelog
+* Wed Jan 31 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.9-1
+- Bump version to 1.3.7.9
+- CVE-2017-15134 - Remote DoS via search filters in  slapi_filter_sprintf
+- Ticket 49546 - Fix broken snmp MIB file
+- Ticket 49541 - Replica ID config validation fix
+- Ticket 49370 - Crash when using a global and local pw  policies
+- Ticket 49540 - Indexing task is reported finished too early regarding the backend status
+- Ticket 49534 - Fix coverity regression
+- Ticket 49541 - repl config should not allow rid 65535 for masters
+- Ticket 49370 - Add all the password policy defaults to a new local policy
+- Ticket 49526 - Improve create_test.py script
+- Ticket 49534 - Fix coverity issues and regression
+- Ticket 49523 - memberof: schema violation error message is confusing as memberof will likely repair target entry
+- Ticket 49532 - coverity issues - fix compiler warnings & clang issues
+- Ticket 49463 - After cleanALLruv, there is a flow of keep alive DEL
+- Ticket 48184 - close connections at shutdown cleanly.
+- Ticket 49509 - Indexing of internationalized matching rules is failing
+- Ticket 49531 - coverity issues - fix memory leaks
+- Ticket 49529 - Fix Coverity warnings: invalid deferences
+- Ticket 49413 - Changelog trimming ignores disabled replica-agreement
+- Ticket 49446 - cleanallruv should ignore cleaned replica Id in processing changelog if in force mode
+- Ticket 49278 - GetEffectiveRights gives false-negative
+- Ticket 49524 - Password policy: minimum token length fails  when the token length is equal to attribute length
+- Ticket 49493 - heap use after free in csn_as_string
+- Ticket 49495 - Fix memory management is vattr.
+- Ticket 49471 - heap-buffer-overflow in ss_unescape
+- Ticket 49449 - Load sysctl values on rpm upgrade.
+- Ticket 49470 - overflow in pblock_get
+- Ticket 49474 - sasl allow mechs does not operate correctly
+- Ticket 49460 - replica_write_ruv log a failure even when it succeeds
+
 * Mon Nov 20 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.8-1
 - Bump version to 1.3.7.8
 - Ticket 49298 - fix complier warn
diff --git a/sources b/sources
index 6df7b26..795b0a6 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.7.8.tar.bz2) = 356e6582dce0d1aab9f2161d0d21775d19f94f014414f8a835639900834ac62d4f87b6e0a15e10b4479a3ff2e156edd4b9908102e4f74baf4389c99f94430532
+SHA512 (389-ds-base-1.3.7.9.tar.bz2) = 5f013fdb24553702abe55210a3f08c97762206df208edb3f99993633f483e6e5d851c0d145ad19364cfaaa6932d78fe40abe582d00a42d6298efc444ccc0b3ec

From 4709c579546d4fa683f18d4ecb0a80eb738731e1 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Mon, 19 Feb 2018 11:23:45 -0500
Subject: [PATCH 11/26] Add cyrus-sasl-plain requirement

---
 389-ds-base.spec | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/389-ds-base.spec b/389-ds-base.spec
index bc2adba..74457bb 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -30,7 +30,7 @@
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
 Version:          1.3.7.9
-Release:          %{?relprefix}1%{?prerel}%{?dist}
+Release:          %{?relprefix}1%{?prerel}%{?dist}.1
 License:          GPLv3+
 URL:              http://www.port389.org
 Group:            System Environment/Daemons
@@ -108,6 +108,7 @@ Requires:         nss-tools
 # they are required to support the mandatory LDAP SASL mechs
 Requires:         cyrus-sasl-gssapi
 Requires:         cyrus-sasl-md5
+Requires:         cyrus-sasl-plain
 
 # this is needed for verify-db.pl
 Requires:         libdb-utils
@@ -530,6 +531,9 @@ fi
 %endif
 
 %changelog
+* Mon Feb 19 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.9-1.1
+- Add cyrus-sasl-plain requirement
+
 * Wed Jan 31 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.9-1
 - Bump version to 1.3.7.9
 - CVE-2017-15134 - Remote DoS via search filters in  slapi_filter_sprintf

From adb6f7a9e300c4fb22540a093d262dd558eb9d4d Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 6 Mar 2018 15:01:21 -0500
Subject: [PATCH 12/26] Bump version to 1.3.7.10 Ticket 49545 - final substring
 extended filter search returns invalid result Ticket 49161 - memberof fails
 if group is moved into scope ticket 49551 - correctly handle subordinates and
 tombstone numsubordinates Ticket 49296 - Fix race condition in connection
 code with  anonymous limits Ticket 49568 - Fix integer overflow on 32bit
 platforms Ticket 49566 - ds-replcheck needs to work with hidden conflict
 entries Ticket 49551 - fix memory leak found by coverity Ticket 49551 -
 correct handling of numsubordinates for cenotaphs and tombstone delete Ticket
 49560 - nsslapd-extract-pemfiles should be enabled by default as openldap is
 moving to openssl Ticket 49557 - Add config option for checking CRL on
 outbound SSL Connections

---
 .gitignore       |  1 +
 389-ds-base.spec | 17 +++++++++++++++--
 sources          |  2 +-
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index c8a2284..390f2ee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -155,3 +155,4 @@
 /389-ds-base-1.3.7.7.tar.bz2
 /389-ds-base-1.3.7.8.tar.bz2
 /389-ds-base-1.3.7.9.tar.bz2
+/389-ds-base-1.3.7.10.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index 74457bb..c9d1ff3 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,8 +29,8 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.7.9
-Release:          %{?relprefix}1%{?prerel}%{?dist}.1
+Version:          1.3.7.10
+Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
 Group:            System Environment/Daemons
@@ -531,6 +531,19 @@ fi
 %endif
 
 %changelog
+* Tue Mar 6 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.10-1
+- Bump version to 1.3.7.10
+- Ticket 49545 - final substring extended filter search returns invalid result
+- Ticket 49161 - memberof fails if group is moved into scope
+- ticket 49551 - correctly handle subordinates and tombstone numsubordinates
+- Ticket 49296 - Fix race condition in connection code with  anonymous limits
+- Ticket 49568 - Fix integer overflow on 32bit platforms
+- Ticket 49566 - ds-replcheck needs to work with hidden conflict entries
+- Ticket 49551 - fix memory leak found by coverity
+- Ticket 49551 - correct handling of numsubordinates for cenotaphs and tombstone delete
+- Ticket 49560 - nsslapd-extract-pemfiles should be enabled by default as openldap is moving to openssl
+- Ticket 49557 - Add config option for checking CRL on outbound SSL Connections
+
 * Mon Feb 19 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.9-1.1
 - Add cyrus-sasl-plain requirement
 
diff --git a/sources b/sources
index 795b0a6..9dc61f5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.7.9.tar.bz2) = 5f013fdb24553702abe55210a3f08c97762206df208edb3f99993633f483e6e5d851c0d145ad19364cfaaa6932d78fe40abe582d00a42d6298efc444ccc0b3ec
+SHA512 (389-ds-base-1.3.7.10.tar.bz2) = 8721a7922971e8e7272e48dab36f6d56d51254487876c9489ec46503bba388e042c30392dacfa26f5c2e53900c739e45749dbc186292f29e9e3f1c31e0cb5440

From c4e01b32e1177386a59d12c632ba62542e8fc0f3 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 8 May 2018 12:46:57 -0400
Subject: [PATCH 13/26] Bump version to 1.3.8.1 Ticket 49661 - CVE-2018-1089 -
 Crash from long search filter Ticket 49652 - DENY aci's are not handled
 properly Ticket 49649 - Use reentrant crypt_r() Ticket 49644 - crash in debug
 build Ticket 49631 - same csn generated twice Ticket 48184 - revert previous
 patch around nunc-stans shutdown crash Rebase to 1.3.8

---
 .gitignore       |  1 +
 389-ds-base.spec | 12 +++++++++++-
 sources          |  2 +-
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 390f2ee..50fee4b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -156,3 +156,4 @@
 /389-ds-base-1.3.7.8.tar.bz2
 /389-ds-base-1.3.7.9.tar.bz2
 /389-ds-base-1.3.7.10.tar.bz2
+/389-ds-base-1.3.8.1.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index c9d1ff3..4da16ae 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.7.10
+Version:          1.3.8.1
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
@@ -531,6 +531,16 @@ fi
 %endif
 
 %changelog
+* Tue May 8 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.1-1
+- Bump version to 1.3.8.1
+- Ticket 49661 - CVE-2018-1089 - Crash from long search filter
+- Ticket 49652 - DENY aci's are not handled properly
+- Ticket 49649 - Use reentrant crypt_r()
+- Ticket 49644 - crash in debug build
+- Ticket 49631 - same csn generated twice
+- Ticket 48184 - revert previous patch around nunc-stans shutdown crash
+- Rebase to 1.3.8
+
 * Tue Mar 6 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.10-1
 - Bump version to 1.3.7.10
 - Ticket 49545 - final substring extended filter search returns invalid result
diff --git a/sources b/sources
index 9dc61f5..8fc0336 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.7.10.tar.bz2) = 8721a7922971e8e7272e48dab36f6d56d51254487876c9489ec46503bba388e042c30392dacfa26f5c2e53900c739e45749dbc186292f29e9e3f1c31e0cb5440
+SHA512 (389-ds-base-1.3.8.1.tar.bz2) = c4a5dd631a2096c8021498124a9f9a5e0af8676e26620dfb0d64bc9ff3d0fb16e5e305e137d58e842249f402a42e920251500eee6b08e555fa16d6b92ca87c04

From ce1b375d3bc1ef775ed8a7aa1691733a457fc397 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Thu, 24 May 2018 14:10:00 -0400
Subject: [PATCH 14/26] Bump version to 1.3.8.2 Ticket 48184 - clean up and
 delete connections at shutdown (2nd try) Ticket 49696 - replicated operations
 should be serialized Ticket 49671 - Readonly replicas should not write
 internal ops to changelog Ticket 49665 - Upgrade script doesn't enable CRYPT
 password storage plug-in Ticket 49665 - Upgrade script doesn't enable PBKDF2
 password storage plug-in

---
 .gitignore       |  1 +
 389-ds-base.spec | 10 +++++++++-
 sources          |  2 +-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 50fee4b..7e7e549 100644
--- a/.gitignore
+++ b/.gitignore
@@ -157,3 +157,4 @@
 /389-ds-base-1.3.7.9.tar.bz2
 /389-ds-base-1.3.7.10.tar.bz2
 /389-ds-base-1.3.8.1.tar.bz2
+/389-ds-base-1.3.8.2.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index 4da16ae..a83136a 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.8.1
+Version:          1.3.8.2
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
@@ -531,6 +531,14 @@ fi
 %endif
 
 %changelog
+* Thu May 24 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.2-1
+- Bump version to 1.3.8.2
+- Ticket 48184 - clean up and delete connections at shutdown (2nd try)
+- Ticket 49696 - replicated operations should be serialized
+- Ticket 49671 - Readonly replicas should not write internal ops to changelog
+- Ticket 49665 - Upgrade script doesn't enable CRYPT password storage plug-in
+- Ticket 49665 - Upgrade script doesn't enable PBKDF2 password storage plug-in
+
 * Tue May 8 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.1-1
 - Bump version to 1.3.8.1
 - Ticket 49661 - CVE-2018-1089 - Crash from long search filter
diff --git a/sources b/sources
index 8fc0336..db4d704 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.8.1.tar.bz2) = c4a5dd631a2096c8021498124a9f9a5e0af8676e26620dfb0d64bc9ff3d0fb16e5e305e137d58e842249f402a42e920251500eee6b08e555fa16d6b92ca87c04
+SHA512 (389-ds-base-1.3.8.2.tar.bz2) = 91e417c9ec097c63e0af12f70702bdeb37df3b5d9503da4041c873caefc20a33a9ef841a7f8ace7ab29dbae4e2b8f47f959f1933b2ff565a22feffc5cfe519e2

From 3a71e983da4d870e096f6463d30fcb08d353925b Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Mon, 11 Jun 2018 11:36:20 -0400
Subject: [PATCH 15/26] Bump version to 1.3.8.3 Ticket 49746 - Additional
 compiler errors on ARM Ticket 49746 - Segfault during replication startup on
 Arm device Ticket 49742 - Fine grained password policy can impact search
 performance Ticket 49768 - Under network intensive load persistent search can
 erronously decrease connection refcnt Ticket 49765 - compiler warning Ticket
 49765 - Async operations can hang when the server is running nunc-stans
 Ticket 49748 - Passthru plugin startTLS option not working Ticket 49736 -
 Hardening of active connection list Ticket 48184 - clean up and delete
 connections at shutdown (3rd) Ticket 49726 - DS only accepts RSA and Fortezza
 cipher families Ticket 49722 - Errors log full of " WARN - keys2idl -
 recieved NULL idl from index_read_ext_allids, treating as empty set" messages
 Ticket 49576 - Add support of ";deletedattribute" in ds-replcheck Ticket
 49576 - Update ds-replcheck for new conflict entries

---
 .gitignore       |  1 +
 389-ds-base.spec | 23 +++++++++++++++++------
 sources          |  2 +-
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/.gitignore b/.gitignore
index 7e7e549..1a09506 100644
--- a/.gitignore
+++ b/.gitignore
@@ -158,3 +158,4 @@
 /389-ds-base-1.3.7.10.tar.bz2
 /389-ds-base-1.3.8.1.tar.bz2
 /389-ds-base-1.3.8.2.tar.bz2
+/389-ds-base-1.3.8.3.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index a83136a..f0042b7 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.8.2
+Version:          1.3.8.3
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
@@ -135,9 +135,6 @@ Requires:         perl-NetAddr-IP
 Requires:         systemd-libs
 Requires:         svrcore >= 4.1.3
 
-# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
-Obsoletes:        %{name} <= 1.3.5.4
-
 Source0:          https://releases.pagure.org/389-ds-base/%{name}-%{version}%{?prerel}.tar.bz2
 # 389-ds-git.sh should be used to generate the source tarball from git
 Source1:          %{name}-git.sh
@@ -190,8 +187,6 @@ Development Libraries and headers for the 389 Directory Server base package.
 Summary:          SNMP Agent for 389 Directory Server
 Group:            System Environment/Daemons
 Requires:         %{name} = %{version}-%{release}
-
-# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
 Obsoletes:        %{name} <= 1.3.7.3
 
 %description      snmp
@@ -531,6 +526,22 @@ fi
 %endif
 
 %changelog
+* Mon Jun 11 2018 Mark Reynolds <mreyhnolds@redhat.com> - 1.3.8.3-1
+- Bump version to 1.3.8.3
+- Ticket 49746 - Additional compiler errors on ARM
+- Ticket 49746 - Segfault during replication startup on Arm device
+- Ticket 49742 - Fine grained password policy can impact search performance
+- Ticket 49768 - Under network intensive load persistent search can erronously decrease connection refcnt
+- Ticket 49765 - compiler warning
+- Ticket 49765 - Async operations can hang when the server is running nunc-stans
+- Ticket 49748 - Passthru plugin startTLS option not working
+- Ticket 49736 - Hardening of active connection list
+- Ticket 48184 - clean up and delete connections at shutdown (3rd)
+- Ticket 49726 - DS only accepts RSA and Fortezza cipher families
+- Ticket 49722 - Errors log full of " WARN - keys2idl - recieved NULL idl from index_read_ext_allids, treating as empty set" messages
+- Ticket 49576 - Add support of ";deletedattribute" in ds-replcheck
+- Ticket 49576 - Update ds-replcheck for new conflict entries
+
 * Thu May 24 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.2-1
 - Bump version to 1.3.8.2
 - Ticket 48184 - clean up and delete connections at shutdown (2nd try)
diff --git a/sources b/sources
index db4d704..38ca69b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.8.2.tar.bz2) = 91e417c9ec097c63e0af12f70702bdeb37df3b5d9503da4041c873caefc20a33a9ef841a7f8ace7ab29dbae4e2b8f47f959f1933b2ff565a22feffc5cfe519e2
+SHA512 (389-ds-base-1.3.8.3.tar.bz2) = c0cf7f702fa62734d08736b88ba466cff5d64bf08e94aaa630b7ac49527eada5979ded592b6cc49ab9e503321e2ff98902bcb6430a573033165e7a4b048dcddf

From f567443f70b7caf400ac50f28c11b77c405f2e24 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Mon, 11 Jun 2018 12:48:38 -0400
Subject: [PATCH 16/26] Bump version to 1.3.8.3-2 Ticket 49576 - ds-replcheck:
 fix certificate directory verification

---
 389-ds-base.spec | 6 +++++-
 sources          | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/389-ds-base.spec b/389-ds-base.spec
index f0042b7..9e9c365 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -30,7 +30,7 @@
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
 Version:          1.3.8.3
-Release:          %{?relprefix}1%{?prerel}%{?dist}
+Release:          %{?relprefix}2%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
 Group:            System Environment/Daemons
@@ -526,6 +526,10 @@ fi
 %endif
 
 %changelog
+* Mon Jun 11 2018 Mark Reynolds <mreyhnolds@redhat.com> - 1.3.8.3-2
+- Bump version to 1.3.8.3-2
+- Ticket 49576 - ds-replcheck: fix certificate directory verification
+
 * Mon Jun 11 2018 Mark Reynolds <mreyhnolds@redhat.com> - 1.3.8.3-1
 - Bump version to 1.3.8.3
 - Ticket 49746 - Additional compiler errors on ARM
diff --git a/sources b/sources
index 38ca69b..a312b98 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.8.3.tar.bz2) = c0cf7f702fa62734d08736b88ba466cff5d64bf08e94aaa630b7ac49527eada5979ded592b6cc49ab9e503321e2ff98902bcb6430a573033165e7a4b048dcddf
+SHA512 (389-ds-base-1.3.8.3.tar.bz2) = 32e064fc43259a87e0d258719178ed40ea331b08d3f993eab1afcd21357ec79bbe0e0d4cb7184f8b66f58aed5223ed6581c75e91691343526c958eca3781bb76

From 8a9183465b4098e2edb0b1dd9a00fda14f3f791d Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 12 Jun 2018 12:57:41 -0400
Subject: [PATCH 17/26] Fix missing ticket in spec file changelog

---
 389-ds-base.spec | 1 +
 1 file changed, 1 insertion(+)

diff --git a/389-ds-base.spec b/389-ds-base.spec
index 9e9c365..8a78009 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -562,6 +562,7 @@ fi
 - Ticket 49644 - crash in debug build
 - Ticket 49631 - same csn generated twice
 - Ticket 48184 - revert previous patch around nunc-stans shutdown crash
+- Ticket 49619 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received
 - Rebase to 1.3.8
 
 * Tue Mar 6 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.10-1

From 10d70c03ec402e6fa89197b72e4b6aa9387bf41d Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Thu, 21 Jun 2018 13:07:33 -0400
Subject: [PATCH 18/26] Bump version to 1.3.8.4-1 Ticket 49751 -
 passwordMustChange attribute is not honored by a RO consumer if using "Chain
 on Update" Ticket 49734 - Fix various issues with Disk Monitoring Ticket
 49788 - Fixing 4-byte UTF-8 character validation

---
 .gitignore       |  1 +
 389-ds-base.spec | 10 ++++++++--
 sources          |  2 +-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index 1a09506..8b75e87 100644
--- a/.gitignore
+++ b/.gitignore
@@ -159,3 +159,4 @@
 /389-ds-base-1.3.8.1.tar.bz2
 /389-ds-base-1.3.8.2.tar.bz2
 /389-ds-base-1.3.8.3.tar.bz2
+/389-ds-base-1.3.8.4.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index 8a78009..c049d05 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,8 +29,8 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.8.3
-Release:          %{?relprefix}2%{?prerel}%{?dist}
+Version:          1.3.8.4
+Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
 Group:            System Environment/Daemons
@@ -526,6 +526,12 @@ fi
 %endif
 
 %changelog
+* Thu Jun 21 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.4-1
+- Bump version to 1.3.8.4-1
+- Ticket 49751 - passwordMustChange attribute is not honored by a RO consumer if using "Chain on Update"
+- Ticket 49734 - Fix various issues with Disk Monitoring
+- Ticket 49788 - Fixing 4-byte UTF-8 character validation
+
 * Mon Jun 11 2018 Mark Reynolds <mreyhnolds@redhat.com> - 1.3.8.3-2
 - Bump version to 1.3.8.3-2
 - Ticket 49576 - ds-replcheck: fix certificate directory verification
diff --git a/sources b/sources
index a312b98..71339f5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.8.3.tar.bz2) = 32e064fc43259a87e0d258719178ed40ea331b08d3f993eab1afcd21357ec79bbe0e0d4cb7184f8b66f58aed5223ed6581c75e91691343526c958eca3781bb76
+SHA512 (389-ds-base-1.3.8.4.tar.bz2) = 0333064624f3cead72252379622e6c8ce20671b8a281ab6839a6c7a3c0f82a943573504240717938ebe66422e77ec2eac80095d411fb345366af7e7fcb0c9f35

From 73b916b96116650fbe99b886c5a276a06e6e3749 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 17 Jul 2018 16:02:03 -0400
Subject: [PATCH 19/26] Bump version to 1.3.8.5 Ticket 49789 - By default, do
 not manage unhashed password Ticket 49546 - Fix issues with MIB file Ticket
 49840 - ds-replcheck command returns traceback errors against ldif files
 having garbage content when run in offline mode Ticket 48818 - For a replica
 bindDNGroup, should be fetched the first time it is used not when the replica
 is started Ticket 49780 - acl_copyEval_context double free Ticket 49830 -
 Import fails if backend name is "default" Ticket 49432 - filter optimise
 crash Ticket 49372 - filter optimisation improvements for common queries
 Update Source0 URL in rpm/389-ds-base.spec.in

---
 .gitignore       |  1 +
 389-ds-base.spec | 15 ++++++++++++++-
 sources          |  2 +-
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 8b75e87..971b34e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -160,3 +160,4 @@
 /389-ds-base-1.3.8.2.tar.bz2
 /389-ds-base-1.3.8.3.tar.bz2
 /389-ds-base-1.3.8.4.tar.bz2
+/389-ds-base-1.3.8.5.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index c049d05..417a46f 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.8.4
+Version:          1.3.8.5
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
@@ -103,6 +103,7 @@ Requires:         perl-Mozilla-LDAP
 # this is needed to setup SSL if you are not using the
 # administration server package
 Requires:         nss-tools
+Requires:         nss >= 3.34
 
 # these are not found by the auto-dependency method
 # they are required to support the mandatory LDAP SASL mechs
@@ -526,6 +527,18 @@ fi
 %endif
 
 %changelog
+* Tue Jul 17 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.5-1
+- Bump version to 1.3.8.5
+- Ticket 49789 - By default, do not manage unhashed password
+- Ticket 49546 - Fix issues with MIB file
+- Ticket 49840 - ds-replcheck command returns traceback errors against ldif files having garbage content when run in offline mode
+- Ticket 48818 - For a replica bindDNGroup, should be fetched the first time it is used not when the replica is started
+- Ticket 49780 - acl_copyEval_context double free
+- Ticket 49830 - Import fails if backend name is "default"
+- Ticket 49432 - filter optimise crash
+- Ticket 49372 - filter optimisation improvements for common queries
+- Update Source0 URL in rpm/389-ds-base.spec.in
+
 * Thu Jun 21 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.4-1
 - Bump version to 1.3.8.4-1
 - Ticket 49751 - passwordMustChange attribute is not honored by a RO consumer if using "Chain on Update"
diff --git a/sources b/sources
index 71339f5..0439464 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.8.4.tar.bz2) = 0333064624f3cead72252379622e6c8ce20671b8a281ab6839a6c7a3c0f82a943573504240717938ebe66422e77ec2eac80095d411fb345366af7e7fcb0c9f35
+SHA512 (389-ds-base-1.3.8.5.tar.bz2) = ec0421a6c4501ae8ecb452a6976c42a54e6d499dea8e4580439c194a9968fc772198dfe347d2c64cbd80bfea162f14125b24afaed9abfa83599512f601f7868a

From 157f3695abc3e5d495fc8463172d09a3744640ec Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Fri, 20 Jul 2018 10:30:06 -0400
Subject: [PATCH 20/26] Bump version to 1.3.8.6 Ticket 49789 - backout original
 security fix as it caused a regression in FreeIPA

---
 .gitignore       | 1 +
 389-ds-base.spec | 6 +++++-
 sources          | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 971b34e..879f917 100644
--- a/.gitignore
+++ b/.gitignore
@@ -161,3 +161,4 @@
 /389-ds-base-1.3.8.3.tar.bz2
 /389-ds-base-1.3.8.4.tar.bz2
 /389-ds-base-1.3.8.5.tar.bz2
+/389-ds-base-1.3.8.6.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index 417a46f..a97090d 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.8.5
+Version:          1.3.8.6
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
@@ -527,6 +527,10 @@ fi
 %endif
 
 %changelog
+* Fri Jul 20 2018 Mark Reynoolds <mreynolds@redhat.com> - 1.3.8.6-1
+- Bump version to 1.3.8.6
+- Ticket 49789 - backout original security fix as it caused a regression in FreeIPA
+
 * Tue Jul 17 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.5-1
 - Bump version to 1.3.8.5
 - Ticket 49789 - By default, do not manage unhashed password
diff --git a/sources b/sources
index 0439464..5de3ccc 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.8.5.tar.bz2) = ec0421a6c4501ae8ecb452a6976c42a54e6d499dea8e4580439c194a9968fc772198dfe347d2c64cbd80bfea162f14125b24afaed9abfa83599512f601f7868a
+SHA512 (389-ds-base-1.3.8.6.tar.bz2) = c5fc70c51839742f7d773ab8144ecea70101d115eb96893a34f17f499fc34c523a90506c39517d07f5b2b82863ffedd17228fe8878b84fdb6ef60a7089821ab4

From a8dc53d5c5de5e95c425caf654beca40be159c95 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Fri, 10 Aug 2018 13:42:57 -0400
Subject: [PATCH 21/26] Bump version to 1.3.8.7 Ticket 49890 - SECURITY FIX -
 ldapsearch with server side sort crashes the ldap server Ticket 49893 -
 disable nunc-stans by default

---
 .gitignore       | 1 +
 389-ds-base.spec | 9 +++++++--
 sources          | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index 879f917..063ed66 100644
--- a/.gitignore
+++ b/.gitignore
@@ -162,3 +162,4 @@
 /389-ds-base-1.3.8.4.tar.bz2
 /389-ds-base-1.3.8.5.tar.bz2
 /389-ds-base-1.3.8.6.tar.bz2
+/389-ds-base-1.3.8.7.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index a97090d..fb9714b 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.8.6
+Version:          1.3.8.7
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
@@ -527,7 +527,12 @@ fi
 %endif
 
 %changelog
-* Fri Jul 20 2018 Mark Reynoolds <mreynolds@redhat.com> - 1.3.8.6-1
+* Fri Aug 10 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.7-1
+- Bump version to 1.3.8.7
+- Ticket 49890 - SECURITY FIX - ldapsearch with server side sort crashes the ldap server
+- Ticket 49893 - disable nunc-stans by default
+
+* Fri Jul 20 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.6-1
 - Bump version to 1.3.8.6
 - Ticket 49789 - backout original security fix as it caused a regression in FreeIPA
 
diff --git a/sources b/sources
index 5de3ccc..7acf4cf 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.8.6.tar.bz2) = c5fc70c51839742f7d773ab8144ecea70101d115eb96893a34f17f499fc34c523a90506c39517d07f5b2b82863ffedd17228fe8878b84fdb6ef60a7089821ab4
+SHA512 (389-ds-base-1.3.8.7.tar.bz2) = 5fa84cc2f12b7d4c5ac48927549315aead9947991f89226ec5a28a099a443daadba281b355507a2fee2140e9840c80b4e67cd829ae94a48fd097c283c7453ea3

From 02629c78837d60c1e043c5c656debcad363629b0 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Fri, 24 Aug 2018 16:59:09 -0400
Subject: [PATCH 22/26] Bump version to 1.3.8.8 Revert "Ticket 49372 - filter
 optimisation improvements for common queries" Revert "Ticket 49432 - filter
 optimise crash"

---
 389-ds-base.spec | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/389-ds-base.spec b/389-ds-base.spec
index fb9714b..ddc1aa8 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.8.7
+Version:          1.3.8.8
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://www.port389.org
@@ -527,6 +527,11 @@ fi
 %endif
 
 %changelog
+* Fri Aug 24 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.8-1
+- Bump version to 1.3.8.8
+- Revert "Ticket 49372 - filter optimisation improvements for common queries"
+- Revert "Ticket 49432 - filter optimise crash"
+
 * Fri Aug 10 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.7-1
 - Bump version to 1.3.8.7
 - Ticket 49890 - SECURITY FIX - ldapsearch with server side sort crashes the ldap server

From 2fb1a93b2038e3084ad58aacee834cb0bf32dbe2 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Fri, 24 Aug 2018 17:03:20 -0400
Subject: [PATCH 23/26] Add sources

---
 .gitignore | 1 +
 sources    | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 063ed66..9031713 100644
--- a/.gitignore
+++ b/.gitignore
@@ -163,3 +163,4 @@
 /389-ds-base-1.3.8.5.tar.bz2
 /389-ds-base-1.3.8.6.tar.bz2
 /389-ds-base-1.3.8.7.tar.bz2
+/389-ds-base-1.3.8.8.tar.bz2
diff --git a/sources b/sources
index 7acf4cf..022f0d3 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.8.7.tar.bz2) = 5fa84cc2f12b7d4c5ac48927549315aead9947991f89226ec5a28a099a443daadba281b355507a2fee2140e9840c80b4e67cd829ae94a48fd097c283c7453ea3
+SHA512 (389-ds-base-1.3.8.8.tar.bz2) = 632456d318282a849f20e4423561825b09fee53f2471898ed787421a3e9aeb3639ad2c5562ee2389f034e07138eb936db8ca1f56f5ff210da32690407ffa3db8

From d347ba26901f3ffd7938ebbfd8ec8c4e419489c1 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 9 Oct 2018 16:38:13 -0400
Subject: [PATCH 24/26] Bump version to 1.3.8.9 Ticket 49969 - DOS caused by
 malformed search operation (security fix) Ticket 49954 - On s390x arch
 retrieved DB page size is stored as size_t rather than uint32_t Ticket 49937
 - Log buffer exceeded emergency logging msg is not thread-safe (security fix)
 Ticket 49932 - Crash in delete_passwdPolicy when persistent search
 connections are terminated unexpectedly

---
 .gitignore       |  1 +
 389-ds-base.spec | 11 +++++++++--
 sources          |  2 +-
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index 9031713..c3df8b9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -164,3 +164,4 @@
 /389-ds-base-1.3.8.6.tar.bz2
 /389-ds-base-1.3.8.7.tar.bz2
 /389-ds-base-1.3.8.8.tar.bz2
+/389-ds-base-1.3.8.9.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index ddc1aa8..92caa76 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,10 +29,10 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.8.8
+Version:          1.3.8.9
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
-URL:              http://www.port389.org
+URL:              https://www.port389.org
 Group:            System Environment/Daemons
 BuildRoot:        %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Conflicts:        selinux-policy-base < 3.9.8
@@ -527,6 +527,13 @@ fi
 %endif
 
 %changelog
+* Tue Oct 9 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.9-1
+- Bump version to 1.3.8.9
+- Ticket 49969 - DOS caused by malformed search operation (security fix)
+- Ticket 49954 - On s390x arch retrieved DB page size is stored as size_t rather than uint32_t
+- Ticket 49937 - Log buffer exceeded emergency logging msg is not thread-safe (security fix)
+- Ticket 49932 - Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly
+
 * Fri Aug 24 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.8-1
 - Bump version to 1.3.8.8
 - Revert "Ticket 49372 - filter optimisation improvements for common queries"
diff --git a/sources b/sources
index 022f0d3..afa474c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.8.8.tar.bz2) = 632456d318282a849f20e4423561825b09fee53f2471898ed787421a3e9aeb3639ad2c5562ee2389f034e07138eb936db8ca1f56f5ff210da32690407ffa3db8
+SHA512 (389-ds-base-1.3.8.9.tar.bz2) = 2f07fa3786ad134afe702bac3c28ae3e6bdf5b944f95ff343e5310a3425ecb81e37b5c2d7fa51066caf2e10a5ffab2ad80f46468fa8e008e36931d0a9d6b8401

From 29e419e0887cacd94bba931cfc4424f083bf5a36 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Wed, 10 Oct 2018 13:48:06 -0400
Subject: [PATCH 25/26] Bump version to 1.3.8.10 Ticket 49969 - DOS caused by
 malformed search operation (part 2)

---
 .gitignore       | 1 +
 389-ds-base.spec | 6 +++++-
 sources          | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index c3df8b9..b602cac 100644
--- a/.gitignore
+++ b/.gitignore
@@ -165,3 +165,4 @@
 /389-ds-base-1.3.8.7.tar.bz2
 /389-ds-base-1.3.8.8.tar.bz2
 /389-ds-base-1.3.8.9.tar.bz2
+/389-ds-base-1.3.8.10.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index 92caa76..f88c47a 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.8.9
+Version:          1.3.8.10
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              https://www.port389.org
@@ -527,6 +527,10 @@ fi
 %endif
 
 %changelog
+* Wed Oct 10 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.10-1
+- Bump version to 1.3.8.10
+- Ticket 49969 - DOS caused by malformed search operation (part 2)
+
 * Tue Oct 9 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.9-1
 - Bump version to 1.3.8.9
 - Ticket 49969 - DOS caused by malformed search operation (security fix)
diff --git a/sources b/sources
index afa474c..cd13472 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.8.9.tar.bz2) = 2f07fa3786ad134afe702bac3c28ae3e6bdf5b944f95ff343e5310a3425ecb81e37b5c2d7fa51066caf2e10a5ffab2ad80f46468fa8e008e36931d0a9d6b8401
+SHA512 (389-ds-base-1.3.8.10.tar.bz2) = 8b50cd8d81694cacef5e7992b82e9672fa6df071f097929f040692cf6bd61291b1125c082eae7a36afbab60491095eb5b4f7b6bd0a7332311df30a5ac62c0784

From 9947c4d2132ca34c7567ddd0cedc510f1573d466 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Wed, 31 Oct 2018 15:36:47 -0400
Subject: [PATCH 26/26] Branching 1.3.8 to 1.3.9 Ticket 49967 - entry cache
 corruption after failed MODRDN Ticket 49968 - Confusing CRITICAL message:
 list_candidates - NULL idl was recieved from filter_candidates_ext Ticket
 49915 - fix compiler warnings (2nd) Ticket 49915 - fix compiler warnings
 Ticket 49915 - Master ns-slapd had 100% CPU usage after starting replication
 and replication cannot finish

---
 .gitignore       |  1 +
 389-ds-base.spec | 13 ++++++++++---
 sources          |  2 +-
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index b602cac..80b22fb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -166,3 +166,4 @@
 /389-ds-base-1.3.8.8.tar.bz2
 /389-ds-base-1.3.8.9.tar.bz2
 /389-ds-base-1.3.8.10.tar.bz2
+/389-ds-base-1.3.9.0.tar.bz2
diff --git a/389-ds-base.spec b/389-ds-base.spec
index f88c47a..22b04ba 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -29,7 +29,7 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.8.10
+Version:          1.3.9.0
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              https://www.port389.org
@@ -311,8 +311,7 @@ rm -rf $RPM_BUILD_ROOT
 output=/dev/null
 # reload to pick up any changes to systemd files
 /bin/systemctl daemon-reload >$output 2>&1 || :
-# reload to pick up any shared lib changes
-/sbin/ldconfig
+
 # find all instances
 instances="" # instances that require a restart after upgrade
 ninst=0 # number of instances found in total
@@ -527,6 +526,14 @@ fi
 %endif
 
 %changelog
+* Wed Oct 31 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.9.0-1
+- Branching 1.3.8 to 1.3.9
+- Ticket 49967 - entry cache corruption after failed MODRDN
+- Ticket 49968 - Confusing CRITICAL message: list_candidates - NULL idl was recieved from filter_candidates_ext
+- Ticket 49915 - fix compiler warnings (2nd)
+- Ticket 49915 - fix compiler warnings
+- Ticket 49915 - Master ns-slapd had 100% CPU usage after starting replication and replication cannot finish
+
 * Wed Oct 10 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.10-1
 - Bump version to 1.3.8.10
 - Ticket 49969 - DOS caused by malformed search operation (part 2)
diff --git a/sources b/sources
index cd13472..043b0b5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.8.10.tar.bz2) = 8b50cd8d81694cacef5e7992b82e9672fa6df071f097929f040692cf6bd61291b1125c082eae7a36afbab60491095eb5b4f7b6bd0a7332311df30a5ac62c0784
+SHA512 (389-ds-base-1.3.9.0.tar.bz2) = 9804efc6991575771394ce63b4f177ba8bcb89f45ff60216b39cabee63b2234b8502a4d1587830ad6422ea68d58a4b26a55e2124f4777eeaa20beef92f9e7ee1