diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index d28271f..18ea466 100644 --- a/.gitignore +++ b/.gitignore @@ -1,202 +1,4 @@ *~ -/389-ds-base-1.2.7.2.tar.bz2 -/389-ds-base-1.2.7.3.tar.bz2 -/389-ds-base-1.2.7.4.tar.bz2 -/389-ds-base-1.2.7.5.tar.bz2 -/389-ds-base-1.2.8.a1.tar.bz2 -/389-ds-base-1.2.8.a2.tar.bz2 -/389-ds-base-1.2.8.a3.tar.bz2 -/389-ds-base-1.2.8.rc1.tar.bz2 -/389-ds-base-1.2.8.rc2.tar.bz2 -/389-ds-base-1.2.8.rc4.tar.bz2 -/389-ds-base-1.2.8.rc5.tar.bz2 -/389-ds-base-1.2.8.0.tar.bz2 -/389-ds-base-1.2.8.1.tar.bz2 -/389-ds-base-1.2.8.2.tar.bz2 -/389-ds-base-1.2.8.3.tar.bz2 -/389-ds-base-1.2.9.a1.tar.bz2 -/389-ds-base-1.2.9.a2.tar.bz2 -/389-ds-base-1.2.9.0.tar.bz2 -/389-ds-base-1.2.9.1.tar.bz2 -/389-ds-base-1.2.9.2.tar.bz2 -/389-ds-base-1.2.9.3.tar.bz2 -/389-ds-base-1.2.9.4.tar.bz2 -/389-ds-base-1.2.9.5.tar.bz2 -/389-ds-base-1.2.9.6.tar.bz2 -/389-ds-base-1.2.9.7.tar.bz2 -/389-ds-base-1.2.9.8.tar.bz2 -/389-ds-base-1.2.9.9.tar.bz2 -/389-ds-base-1.2.9.10.tar.bz2 -/389-ds-base-1.2.10.a1.tar.bz2 -/389-ds-base-1.2.10.a2.tar.bz2 -/389-ds-base-1.2.10.a3.tar.bz2 -/389-ds-base-1.2.10.a4.tar.bz2 -/389-ds-base-1.2.10.a5.tar.bz2 -/389-ds-base-1.2.10.a6.tar.bz2 -/389-ds-base-1.2.10.a7.tar.bz2 -/389-ds-base-1.2.10.a8.tar.bz2 -/389-ds-base-1.2.10.rc1.tar.bz2 -/389-ds-base-1.2.10.0.tar.bz2 -/389-ds-base-1.2.10.1.tar.bz2 -/389-ds-base-1.2.10.2.tar.bz2 -/389-ds-base-1.2.10.3.tar.bz2 -/389-ds-base-1.2.10.4.tar.bz2 -/389-ds-base-1.2.11.a1.tar.bz2 -/389-ds-base-1.2.11.1.tar.bz2 -/389-ds-base-1.2.11.2.tar.bz2 -/389-ds-base-1.2.11.3.tar.bz2 -/389-ds-base-1.2.11.4.tar.bz2 -/389-ds-base-1.2.11.5.tar.bz2 -/389-ds-base-1.2.11.6.tar.bz2 -/389-ds-base-1.2.11.7.tar.bz2 -/389-ds-base-1.2.11.8.tar.bz2 -/389-ds-base-1.2.11.9.tar.bz2 -/389-ds-base-1.2.11.10.tar.bz2 -/389-ds-base-1.2.11.11.tar.bz2 -/389-ds-base-1.2.11.12.tar.bz2 -/389-ds-base-1.2.11.13.tar.bz2 -/389-ds-base-1.2.11.14.tar.bz2 -/389-ds-base-1.2.11.15.tar.bz2 -/389-ds-base-1.3.0.a1.tar.bz2 -/389-ds-base-1.3.0.rc1.tar.bz2 -/389-ds-base-1.3.0.rc2.tar.bz2 -/389-ds-base-1.3.0.rc3.tar.bz2 -/389-ds-base-1.3.0.0.tar.bz2 -/389-ds-base-1.3.0.1.tar.bz2 -/389-ds-base-1.3.0.2.tar.bz2 -/389-ds-base-1.3.0.3.tar.bz2 -/389-ds-base-1.3.0.4.tar.bz2 -/389-ds-base-1.3.0.5.tar.bz2 -/389-ds-base-1.3.1.0.tar.bz2 -/389-ds-base-1.3.1.1.tar.bz2 -/389-ds-base-1.3.1.2.tar.bz2 -/389-ds-base-1.3.1.3.tar.bz2 -/389-ds-base-1.3.1.4.tar.bz2 -/389-ds-base-1.3.1.5.tar.bz2 -/389-ds-base-1.3.1.6.tar.bz2 -/389-ds-base-1.3.1.7.tar.bz2 -/389-ds-base-1.3.1.8.tar.bz2 -/389-ds-base-1.3.1.9.tar.bz2 -/389-ds-base-1.3.1.10.tar.bz2 -/389-ds-base-1.3.1.11.tar.bz2 -/389-ds-base-1.3.2.0.tar.bz2 -/389-ds-base-1.3.2.1.tar.bz2 -/389-ds-base-1.3.2.2.tar.bz2 -/389-ds-base-1.3.2.3.tar.bz2 -/389-ds-base-1.3.2.4.tar.bz2 -/389-ds-base-1.3.2.5.tar.bz2 -/389-ds-base-1.3.2.6.tar.bz2 -/389-ds-base-1.3.2.7.tar.bz2 -/389-ds-base-1.3.2.8.tar.bz2 -/389-ds-base-1.3.2.9.tar.bz2 -/389-ds-base-1.3.2.10.tar.bz2 -/389-ds-base-1.3.2.11.tar.bz2 -/389-ds-base-1.3.2.12.tar.bz2 -/389-ds-base-1.3.2.13.tar.bz2 -/389-ds-base-1.3.2.14.tar.bz2 -/389-ds-base-1.3.2.15.tar.bz2 -/389-ds-base-1.3.2.16.tar.bz2 -/389-ds-base-1.3.2.17.tar.bz2 -/389-ds-base-1.3.2.18.tar.bz2 -/389-ds-base-1.3.2.19.tar.bz2 -/389-ds-base-1.3.2.20.tar.bz2 -/389-ds-base-1.3.2.21.tar.bz2 -/389-ds-base-1.3.2.22.tar.bz2 -/389-ds-base-1.3.2.23.tar.bz2 -/389-ds-base-1.3.3.0.tar.bz2 -/389-ds-base-1.3.3.2.tar.bz2 -/389-ds-base-1.3.3.3.tar.bz2 -/389-ds-base-1.3.3.4.tar.bz2 -/389-ds-base-1.3.3.5.tar.bz2 -/389-ds-base-1.3.3.6.tar.bz2 -/389-ds-base-1.3.3.7.tar.bz2 -/389-ds-base-1.3.3.8.tar.bz2 -/389-ds-base-1.3.3.9.tar.bz2 -/389-ds-base-1.3.3.10.tar.bz2 -/389-ds-base-1.3.3.11.tar.bz2 -/389-ds-base-1.3.3.12.tar.bz2 -/389-ds-base-1.3.4.0.tar.bz2 -/nunc-stans-0.1.3.tar.bz2 -/nunc-stans-0.1.4.tar.bz2 -/389-ds-base-1.3.4.1.tar.bz2 -/nunc-stans-0.1.5.tar.bz2 -/389-ds-base-1.3.4.2.tar.bz2 -/389-ds-base-1.3.4.3.tar.bz2 -/389-ds-base-1.3.4.4.tar.bz2 -/389-ds-base-1.3.4.5.tar.bz2 -/389-ds-base-1.3.4.6.tar.bz2 -/389-ds-base-1.3.4.7.tar.bz2 -/389-ds-base-1.3.4.8.tar.bz2 -/389-ds-base-1.3.5.0.tar.bz2 -/nunc-stans-0.1.8.tar.bz2 -/389-ds-base-1.3.5.1.tar.bz2 -/389-ds-base-1.3.5.3.tar.bz2 -/389-ds-base-1.3.5.4.tar.bz2 -/389-ds-base-1.3.5.5.tar.bz2 -/389-ds-base-1.3.5.6.tar.bz2 -/389-ds-base-1.3.5.10.tar.bz2 -/389-ds-base-1.3.5.11.tar.bz2 -/389-ds-base-1.3.5.12.tar.bz2 -/389-ds-base-1.3.5.13.tar.bz2 -/389-ds-base-1.3.5.14.tar.bz2 -/nunc-stans-0.2.0.tar.bz2 -/389-ds-base-1.3.6.1.tar.bz2 -/389-ds-base-1.3.6.2.tar.bz2 -/389-ds-base-1.3.6.3.tar.bz2 -/389-ds-base-1.3.6.4.tar.bz2 -/389-ds-base-1.3.6.5.tar.bz2 -/389-ds-base-1.3.6.6.tar.bz2 -/389-ds-base-1.3.7.1.tar.bz2 -/389-ds-base-1.3.7.2.tar.bz2 -/389-ds-base-1.3.7.3.tar.bz2 -/389-ds-base-1.3.7.4.tar.bz2 -/389-ds-base-1.4.0.0.tar.bz2 -/389-ds-base-1.4.0.1.tar.bz2 -/389-ds-base-1.4.0.2.tar.bz2 -/389-ds-base-1.4.0.3.tar.bz2 -/389-ds-base-1.4.0.4.tar.bz2 -/389-ds-base-1.4.0.5.tar.bz2 -/389-ds-base-1.4.0.6.tar.bz2 -/389-ds-base-1.4.0.7.tar.bz2 -/389-ds-base-1.4.0.8.tar.bz2 -/389-ds-base-1.4.0.9.tar.bz2 -/389-ds-base-1.4.0.10.tar.bz2 -/jemalloc-5.0.1.tar.bz2 -/389-ds-base-1.4.0.11.tar.bz2 -/jemalloc-5.1.0.tar.bz2 -/389-ds-base-1.4.0.12.tar.bz2 -/389-ds-base-1.4.0.13.tar.bz2 -/389-ds-base-1.4.0.14.tar.bz2 -/389-ds-base-1.4.0.15.tar.bz2 -/389-ds-base-1.4.0.16.tar.bz2 -/389-ds-base-1.4.0.17.tar.bz2 -/389-ds-base-1.4.0.18.tar.bz2 -/389-ds-base-1.4.0.19.tar.bz2 -/389-ds-base-1.4.0.20.tar.bz2 -/389-ds-base-1.4.1.1.tar.bz2 -/389-ds-base-1.4.1.2.tar.bz2 -/389-ds-base-1.4.1.3.tar.bz2 -/389-ds-base-1.4.1.4.tar.bz2 -/389-ds-base-1.4.1.5.tar.bz2 -/jemalloc-5.2.0.tar.bz2 -/389-ds-base-1.4.1.6.tar.bz2 -/389-ds-base-1.4.2.1.tar.bz2 -/389-ds-base-1.4.2.2.tar.bz2 -/389-ds-base-1.4.2.3.tar.bz2 -/389-ds-base-1.4.2.4.tar.bz2 -/389-ds-base-1.4.2.5.tar.bz2 -/389-ds-base-1.4.3.1.tar.bz2 -/jemalloc-5.2.1.tar.bz2 -/389-ds-base-1.4.3.2.tar.bz2 -/389-ds-base-1.4.3.3.tar.bz2 -/389-ds-base-1.4.3.4.tar.bz2 -/389-ds-base-1.4.3.5.tar.bz2 -/389-ds-base-1.4.4.0.tar.bz2 -/389-ds-base-1.4.4.1.tar.bz2 -/389-ds-base-1.4.4.2.tar.bz2 -/389-ds-base-1.4.4.3.tar.bz2 -/389-ds-base-1.4.4.4.tar.bz2 -/389-ds-base-1.4.4.6.tar.bz2 -/389-ds-base-1.4.5.0.tar.bz2 -/389-ds-base-2.0.1.tar.bz2 -/389-ds-base-2.0.2.tar.bz2 +/389-ds-base-*.tar.bz2 +/jemalloc-*.tar.bz2 +/libdb-5.3.28-59.tar.bz2 diff --git a/0001-Issue-2526-retrocl-backend-created-out-of-order.patch b/0001-Issue-2526-retrocl-backend-created-out-of-order.patch deleted file mode 100644 index c6f7fed..0000000 --- a/0001-Issue-2526-retrocl-backend-created-out-of-order.patch +++ /dev/null @@ -1,103 +0,0 @@ -From 67c8b8702a249cb0ef1ebf49b6e87056cd5339f6 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Tue, 27 Oct 2020 13:14:55 -0400 -Subject: [PATCH] Issue 2526 - retrocl backend created out of order - -Bug Description: A recent change verified that you do not create - a mappingtree entry before the backend entry was - created. The server created the retrocl backend - in the opposite order which broke the retrocl. - -Fix Description: Create the retrocl backend entry before creating - the mapping tree entry. - -Relates: https://github.com/389ds/389-ds-base/issues/2526 - -Reviewed by: viktor(Thanks!) ---- - ldap/servers/plugins/retrocl/retrocl.c | 10 ++--- - ldap/servers/plugins/retrocl/retrocl_create.c | 38 +++++++++---------- - 2 files changed, 22 insertions(+), 26 deletions(-) - -diff --git a/ldap/servers/plugins/retrocl/retrocl.c b/ldap/servers/plugins/retrocl/retrocl.c -index 4af4d752b..8d6135dad 100644 ---- a/ldap/servers/plugins/retrocl/retrocl.c -+++ b/ldap/servers/plugins/retrocl/retrocl.c -@@ -222,15 +222,11 @@ retrocl_select_backend(void) - slapi_entry_free(referral); - - if (err != LDAP_SUCCESS || be == NULL || be == defbackend_get_backend()) { -- slapi_log_err(SLAPI_LOG_ERR, RETROCL_PLUGIN_NAME, -+ /* Could not find the backend for cn=changelog, either because -+ * it doesn't exist mapping tree not registered. */ -+ slapi_log_err(SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, - "retrocl_select_backend - Mapping tree select failed (%d) %s.\n", err, errbuf); -- -- /* could not find the backend for cn=changelog, either because -- * it doesn't exist -- * mapping tree not registered. -- */ - err = retrocl_create_config(); -- - if (err != LDAP_SUCCESS) - return err; - } else { -diff --git a/ldap/servers/plugins/retrocl/retrocl_create.c b/ldap/servers/plugins/retrocl/retrocl_create.c -index fb1503520..571e6899f 100644 ---- a/ldap/servers/plugins/retrocl/retrocl_create.c -+++ b/ldap/servers/plugins/retrocl/retrocl_create.c -@@ -192,6 +192,25 @@ retrocl_create_config(void) - vals[0] = &val; - vals[1] = NULL; - -+ retrocl_be_changelog = slapi_be_select_by_instance_name("changelog"); -+ -+ if (retrocl_be_changelog == NULL) { -+ /* This is not the nsslapd-changelogdir from cn=changelog4,cn=config */ -+ char *bedir; -+ -+ bedir = retrocl_get_config_str(CONFIG_CHANGELOG_DIRECTORY_ATTRIBUTE); -+ if (bedir == NULL) { -+ /* none specified */ -+ } -+ -+ rc = retrocl_create_be(bedir); -+ slapi_ch_free_string(&bedir); -+ if (rc != LDAP_SUCCESS && rc != LDAP_ALREADY_EXISTS) { -+ return rc; -+ } -+ retrocl_be_changelog = slapi_be_select_by_instance_name("changelog"); -+ } -+ - /* Assume the mapping tree node is missing. It doesn't hurt to - * attempt to add it if it already exists. You will see a warning - * in the errors file when the referenced backend does not exist. -@@ -256,25 +275,6 @@ retrocl_create_config(void) - return rc; - } - -- retrocl_be_changelog = slapi_be_select_by_instance_name("changelog"); -- -- if (retrocl_be_changelog == NULL) { -- /* This is not the nsslapd-changelogdir from cn=changelog4,cn=config */ -- char *bedir; -- -- bedir = retrocl_get_config_str(CONFIG_CHANGELOG_DIRECTORY_ATTRIBUTE); -- if (bedir == NULL) { -- /* none specified */ -- } -- -- rc = retrocl_create_be(bedir); -- slapi_ch_free_string(&bedir); -- if (rc != LDAP_SUCCESS && rc != LDAP_ALREADY_EXISTS) { -- return rc; -- } -- retrocl_be_changelog = slapi_be_select_by_instance_name("changelog"); -- } -- - return LDAP_SUCCESS; - } - --- -2.28.0 - diff --git a/0001-Issue-7096-During-replication-online-total-init-the-.patch b/0001-Issue-7096-During-replication-online-total-init-the-.patch new file mode 100644 index 0000000..a5792b6 --- /dev/null +++ b/0001-Issue-7096-During-replication-online-total-init-the-.patch @@ -0,0 +1,318 @@ +From 1c9c535888b9a850095794787d67900b04924a76 Mon Sep 17 00:00:00 2001 +From: tbordaz +Date: Wed, 7 Jan 2026 11:21:12 +0100 +Subject: [PATCH] Issue 7096 - During replication online total init the + function idl_id_is_in_idlist is not scaling with large database (#7145) + +Bug description: + During a online total initialization, the supplier sorts + the candidate list of entries so that the parents are sent before + children entries. + With large DB the ID array used for the sorting is not + scaling. It takes so long to build the candidate list that + the connection gets closed + +Fix description: + Instead of using an ID array, uses a list of ID ranges + +fixes: #7096 + +Reviewed by: Mark Reynolds, Pierre Rogier (Thanks !!) +--- + ldap/servers/slapd/back-ldbm/back-ldbm.h | 12 ++ + ldap/servers/slapd/back-ldbm/idl_common.c | 163 ++++++++++++++++++ + ldap/servers/slapd/back-ldbm/idl_new.c | 30 ++-- + .../servers/slapd/back-ldbm/proto-back-ldbm.h | 3 + + 4 files changed, 189 insertions(+), 19 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/back-ldbm.h b/ldap/servers/slapd/back-ldbm/back-ldbm.h +index 1bc36720d..b187c26bc 100644 +--- a/ldap/servers/slapd/back-ldbm/back-ldbm.h ++++ b/ldap/servers/slapd/back-ldbm/back-ldbm.h +@@ -282,6 +282,18 @@ typedef struct _idlist_set + #define INDIRECT_BLOCK(idl) ((idl)->b_nids == INDBLOCK) + #define IDL_NIDS(idl) (idl ? (idl)->b_nids : (NIDS)0) + ++/* ++ * used by the supplier during online total init ++ * it stores the ranges of ID that are already present ++ * in the candidate list ('parentid>=1') ++ */ ++typedef struct IdRange { ++ ID first; ++ ID last; ++ struct IdRange *next; ++} IdRange_t; ++ ++ + typedef size_t idl_iterator; + + /* small hashtable implementation used in the entry cache -- the table +diff --git a/ldap/servers/slapd/back-ldbm/idl_common.c b/ldap/servers/slapd/back-ldbm/idl_common.c +index fcb0ece4b..fdc9b4e67 100644 +--- a/ldap/servers/slapd/back-ldbm/idl_common.c ++++ b/ldap/servers/slapd/back-ldbm/idl_common.c +@@ -172,6 +172,169 @@ idl_min(IDList *a, IDList *b) + return (a->b_nids > b->b_nids ? b : a); + } + ++/* ++ * This is a faster version of idl_id_is_in_idlist. ++ * idl_id_is_in_idlist uses an array of ID so lookup is expensive ++ * idl_id_is_in_idlist_ranges uses a list of ranges of ID lookup is faster ++ * returns ++ * 1: 'id' is present in idrange_list ++ * 0: 'id' is not present in idrange_list ++ */ ++int ++idl_id_is_in_idlist_ranges(IDList *idl, IdRange_t *idrange_list, ID id) ++{ ++ IdRange_t *range = idrange_list; ++ int found = 0; ++ ++ if (NULL == idl || NOID == id) { ++ return 0; /* not in the list */ ++ } ++ if (ALLIDS(idl)) { ++ return 1; /* in the list */ ++ } ++ ++ for(;range; range = range->next) { ++ if (id > range->last) { ++ /* check if it belongs to the next range */ ++ continue; ++ } ++ if (id >= range->first) { ++ /* It belongs to that range [first..last ] */ ++ found = 1; ++ break; ++ } else { ++ /* this range is after id */ ++ break; ++ } ++ } ++ return found; ++} ++ ++/* This function is used during the online total initialisation ++ * (see next function) ++ * It frees all ranges of ID in the list ++ */ ++void idrange_free(IdRange_t **head) ++{ ++ IdRange_t *curr, *sav; ++ ++ if ((head == NULL) || (*head == NULL)) { ++ return; ++ } ++ curr = *head; ++ sav = NULL; ++ for (; curr;) { ++ sav = curr; ++ curr = curr->next; ++ slapi_ch_free((void *) &sav); ++ } ++ if (sav) { ++ slapi_ch_free((void *) &sav); ++ } ++ *head = NULL; ++} ++ ++/* This function is used during the online total initialisation ++ * Because a MODRDN can move entries under a parent that ++ * has a higher ID we need to sort the IDList so that parents ++ * are sent, to the consumer, before the children are sent. ++ * The sorting with a simple IDlist does not scale instead ++ * a list of IDs ranges is much faster. ++ * In that list we only ADD/lookup ID. ++ */ ++IdRange_t *idrange_add_id(IdRange_t **head, ID id) ++{ ++ if (head == NULL) { ++ slapi_log_err(SLAPI_LOG_ERR, "idrange_add_id", ++ "Can not add ID %d in non defined list\n", id); ++ return NULL; ++ } ++ ++ if (*head == NULL) { ++ /* This is the first range */ ++ IdRange_t *new_range = (IdRange_t *)slapi_ch_malloc(sizeof(IdRange_t)); ++ new_range->first = id; ++ new_range->last = id; ++ new_range->next = NULL; ++ *head = new_range; ++ return *head; ++ } ++ ++ IdRange_t *curr = *head, *prev = NULL; ++ ++ /* First, find if id already falls within any existing range, or it is adjacent to any */ ++ while (curr) { ++ if (id >= curr->first && id <= curr->last) { ++ /* inside a range, nothing to do */ ++ return curr; ++ } ++ ++ if (id == curr->last + 1) { ++ /* Extend this range upwards */ ++ curr->last = id; ++ ++ /* Check for possible merge with next range */ ++ IdRange_t *next = curr->next; ++ if (next && curr->last + 1 >= next->first) { ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) merge current with next range [%d..%d]\n", id, curr->first, curr->last); ++ curr->last = (next->last > curr->last) ? next->last : curr->last; ++ curr->next = next->next; ++ slapi_ch_free((void*) &next); ++ } else { ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) extend forward current range [%d..%d]\n", id, curr->first, curr->last); ++ } ++ return curr; ++ } ++ ++ if (id + 1 == curr->first) { ++ /* Extend this range downwards */ ++ curr->first = id; ++ ++ /* Check for possible merge with previous range */ ++ if (prev && prev->last + 1 >= curr->first) { ++ prev->last = curr->last; ++ prev->next = curr->next; ++ slapi_ch_free((void *) &curr); ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) merge current with previous range [%d..%d]\n", id, prev->first, prev->last); ++ return prev; ++ } else { ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) extend backward current range [%d..%d]\n", id, curr->first, curr->last); ++ return curr; ++ } ++ } ++ ++ /* If id is before the current range, break so we can insert before */ ++ if (id < curr->first) { ++ break; ++ } ++ ++ prev = curr; ++ curr = curr->next; ++ } ++ /* Need to insert a new standalone IdRange */ ++ IdRange_t *new_range = (IdRange_t *)slapi_ch_malloc(sizeof(IdRange_t)); ++ new_range->first = id; ++ new_range->last = id; ++ new_range->next = curr; ++ ++ if (prev) { ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) add new range [%d..%d]\n", id, new_range->first, new_range->last); ++ prev->next = new_range; ++ } else { ++ /* Insert at head */ ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) head range [%d..%d]\n", id, new_range->first, new_range->last); ++ *head = new_range; ++ } ++ return *head; ++} ++ ++ + int + idl_id_is_in_idlist(IDList *idl, ID id) + { +diff --git a/ldap/servers/slapd/back-ldbm/idl_new.c b/ldap/servers/slapd/back-ldbm/idl_new.c +index 5fbcaff2e..2d978353f 100644 +--- a/ldap/servers/slapd/back-ldbm/idl_new.c ++++ b/ldap/servers/slapd/back-ldbm/idl_new.c +@@ -417,7 +417,6 @@ idl_new_range_fetch( + { + int ret = 0; + int ret2 = 0; +- int idl_rc = 0; + dbi_cursor_t cursor = {0}; + IDList *idl = NULL; + dbi_val_t cur_key = {0}; +@@ -436,6 +435,7 @@ idl_new_range_fetch( + size_t leftoverlen = 32; + size_t leftovercnt = 0; + char *index_id = get_index_name(be, db, ai); ++ IdRange_t *idrange_list = NULL; + + + if (NULL == flag_err) { +@@ -578,10 +578,12 @@ idl_new_range_fetch( + * found entry is the one from the suffix + */ + suffix = key; +- idl_rc = idl_append_extend(&idl, id); +- } else if ((key == suffix) || idl_id_is_in_idlist(idl, key)) { ++ idl_append_extend(&idl, id); ++ idrange_add_id(&idrange_list, id); ++ } else if ((key == suffix) || idl_id_is_in_idlist_ranges(idl, idrange_list, key)) { + /* the parent is the suffix or already in idl. */ +- idl_rc = idl_append_extend(&idl, id); ++ idl_append_extend(&idl, id); ++ idrange_add_id(&idrange_list, id); + } else { + /* Otherwise, keep the {key,id} in leftover array */ + if (!leftover) { +@@ -596,13 +598,7 @@ idl_new_range_fetch( + leftovercnt++; + } + } else { +- idl_rc = idl_append_extend(&idl, id); +- } +- if (idl_rc) { +- slapi_log_err(SLAPI_LOG_ERR, "idl_new_range_fetch", +- "Unable to extend id list (err=%d)\n", idl_rc); +- idl_free(&idl); +- goto error; ++ idl_append_extend(&idl, id); + } + + count++; +@@ -695,21 +691,17 @@ error: + + while(remaining > 0) { + for (size_t i = 0; i < leftovercnt; i++) { +- if (leftover[i].key > 0 && idl_id_is_in_idlist(idl, leftover[i].key) != 0) { ++ if (leftover[i].key > 0 && idl_id_is_in_idlist_ranges(idl, idrange_list, leftover[i].key) != 0) { + /* if the leftover key has its parent in the idl */ +- idl_rc = idl_append_extend(&idl, leftover[i].id); +- if (idl_rc) { +- slapi_log_err(SLAPI_LOG_ERR, "idl_new_range_fetch", +- "Unable to extend id list (err=%d)\n", idl_rc); +- idl_free(&idl); +- return NULL; +- } ++ idl_append_extend(&idl, leftover[i].id); ++ idrange_add_id(&idrange_list, leftover[i].id); + leftover[i].key = 0; + remaining--; + } + } + } + slapi_ch_free((void **)&leftover); ++ idrange_free(&idrange_list); + } + slapi_log_err(SLAPI_LOG_FILTER, "idl_new_range_fetch", + "Found %d candidates; error code is: %d\n", +diff --git a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h +index 91d61098a..30a7aa11f 100644 +--- a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h ++++ b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h +@@ -217,6 +217,9 @@ ID idl_firstid(IDList *idl); + ID idl_nextid(IDList *idl, ID id); + int idl_init_private(backend *be, struct attrinfo *a); + int idl_release_private(struct attrinfo *a); ++IdRange_t *idrange_add_id(IdRange_t **head, ID id); ++void idrange_free(IdRange_t **head); ++int idl_id_is_in_idlist_ranges(IDList *idl, IdRange_t *idrange_list, ID id); + int idl_id_is_in_idlist(IDList *idl, ID id); + + idl_iterator idl_iterator_init(const IDList *idl); +-- +2.52.0 + diff --git a/0002-Issue-Revise-paged-result-search-locking.patch b/0002-Issue-Revise-paged-result-search-locking.patch new file mode 100644 index 0000000..e27ced3 --- /dev/null +++ b/0002-Issue-Revise-paged-result-search-locking.patch @@ -0,0 +1,765 @@ +From 446bc42e7b64a8496c2c3fe486f86bba318bed5e Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Wed, 7 Jan 2026 16:55:27 -0500 +Subject: [PATCH] Issue - Revise paged result search locking + +Description: + +Move to a single lock approach verses having two locks. This will impact +concurrency when multiple async paged result searches are done on the same +connection, but it simplifies the code and avoids race conditions and +deadlocks. + +Relates: https://github.com/389ds/389-ds-base/issues/7118 + +Reviewed by: progier & tbordaz (Thanks!!) +--- + ldap/servers/slapd/abandon.c | 2 +- + ldap/servers/slapd/opshared.c | 60 ++++---- + ldap/servers/slapd/pagedresults.c | 228 +++++++++++++++++++----------- + ldap/servers/slapd/proto-slap.h | 26 ++-- + ldap/servers/slapd/slap.h | 5 +- + 5 files changed, 187 insertions(+), 134 deletions(-) + +diff --git a/ldap/servers/slapd/abandon.c b/ldap/servers/slapd/abandon.c +index 6024fcd31..1f47c531c 100644 +--- a/ldap/servers/slapd/abandon.c ++++ b/ldap/servers/slapd/abandon.c +@@ -179,7 +179,7 @@ do_abandon(Slapi_PBlock *pb) + logpb.tv_sec = -1; + logpb.tv_nsec = -1; + +- if (0 == pagedresults_free_one_msgid(pb_conn, id, pageresult_lock_get_addr(pb_conn))) { ++ if (0 == pagedresults_free_one_msgid(pb_conn, id, PR_NOT_LOCKED)) { + if (log_format != LOG_FORMAT_DEFAULT) { + /* JSON logging */ + logpb.target_op = "Simple Paged Results"; +diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c +index a5cddfd23..bf800f7dc 100644 +--- a/ldap/servers/slapd/opshared.c ++++ b/ldap/servers/slapd/opshared.c +@@ -572,8 +572,8 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + be = be_list[index]; + } + } +- pr_search_result = pagedresults_get_search_result(pb_conn, operation, 0 /*not locked*/, pr_idx); +- estimate = pagedresults_get_search_result_set_size_estimate(pb_conn, operation, pr_idx); ++ pr_search_result = pagedresults_get_search_result(pb_conn, operation, PR_NOT_LOCKED, pr_idx); ++ estimate = pagedresults_get_search_result_set_size_estimate(pb_conn, operation, PR_NOT_LOCKED, pr_idx); + /* Set operation note flags as required. */ + if (pagedresults_get_unindexed(pb_conn, operation, pr_idx)) { + slapi_pblock_set_flag_operation_notes(pb, SLAPI_OP_NOTE_UNINDEXED); +@@ -619,14 +619,7 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + int32_t tlimit; + slapi_pblock_get(pb, SLAPI_SEARCH_TIMELIMIT, &tlimit); + pagedresults_set_timelimit(pb_conn, operation, (time_t)tlimit, pr_idx); +- /* When using this mutex in conjunction with the main paged +- * result lock, you must do so in this order: +- * +- * --> pagedresults_lock() +- * --> pagedresults_mutex +- * <-- pagedresults_mutex +- * <-- pagedresults_unlock() +- */ ++ /* IMPORTANT: Never acquire pagedresults_mutex when holding c_mutex. */ + pagedresults_mutex = pageresult_lock_get_addr(pb_conn); + } + +@@ -743,17 +736,15 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + if (op_is_pagedresults(operation) && pr_search_result) { + void *sr = NULL; + /* PAGED RESULTS and already have the search results from the prev op */ +- pagedresults_lock(pb_conn, pr_idx); + /* + * In async paged result case, the search result might be released + * by other theads. We need to double check it in the locked region. + */ + pthread_mutex_lock(pagedresults_mutex); +- pr_search_result = pagedresults_get_search_result(pb_conn, operation, 1 /*locked*/, pr_idx); ++ pr_search_result = pagedresults_get_search_result(pb_conn, operation, PR_LOCKED, pr_idx); + if (pr_search_result) { +- if (pagedresults_is_abandoned_or_notavailable(pb_conn, 1 /*locked*/, pr_idx)) { ++ if (pagedresults_is_abandoned_or_notavailable(pb_conn, PR_LOCKED, pr_idx)) { + pthread_mutex_unlock(pagedresults_mutex); +- pagedresults_unlock(pb_conn, pr_idx); + /* Previous operation was abandoned and the simplepaged object is not in use. */ + send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL); + rc = LDAP_SUCCESS; +@@ -764,14 +755,13 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + + /* search result could be reset in the backend/dse */ + slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr); +- pagedresults_set_search_result(pb_conn, operation, sr, 1 /*locked*/, pr_idx); ++ pagedresults_set_search_result(pb_conn, operation, sr, PR_LOCKED, pr_idx); + } + } else { + pr_stat = PAGEDRESULTS_SEARCH_END; + rc = LDAP_SUCCESS; + } + pthread_mutex_unlock(pagedresults_mutex); +- pagedresults_unlock(pb_conn, pr_idx); + + if ((PAGEDRESULTS_SEARCH_END == pr_stat) || (0 == pnentries)) { + /* no more entries to send in the backend */ +@@ -789,22 +779,22 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + } + pagedresults_set_response_control(pb, 0, estimate, + curr_search_count, pr_idx); +- if (pagedresults_get_with_sort(pb_conn, operation, pr_idx)) { ++ if (pagedresults_get_with_sort(pb_conn, operation, PR_NOT_LOCKED, pr_idx)) { + sort_make_sort_response_control(pb, CONN_GET_SORT_RESULT_CODE, NULL); + } + pagedresults_set_search_result_set_size_estimate(pb_conn, + operation, +- estimate, pr_idx); ++ estimate, PR_NOT_LOCKED, pr_idx); + if (PAGEDRESULTS_SEARCH_END == pr_stat) { +- pagedresults_lock(pb_conn, pr_idx); ++ pthread_mutex_lock(pagedresults_mutex); + slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL); +- if (!pagedresults_is_abandoned_or_notavailable(pb_conn, 0 /*not locked*/, pr_idx)) { +- pagedresults_free_one(pb_conn, operation, pr_idx); ++ if (!pagedresults_is_abandoned_or_notavailable(pb_conn, PR_LOCKED, pr_idx)) { ++ pagedresults_free_one(pb_conn, operation, PR_LOCKED, pr_idx); + } +- pagedresults_unlock(pb_conn, pr_idx); ++ pthread_mutex_unlock(pagedresults_mutex); + if (next_be) { + /* no more entries, but at least another backend */ +- if (pagedresults_set_current_be(pb_conn, next_be, pr_idx, 0) < 0) { ++ if (pagedresults_set_current_be(pb_conn, next_be, pr_idx, PR_NOT_LOCKED) < 0) { + goto free_and_return; + } + } +@@ -915,7 +905,7 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + } + } + pagedresults_set_search_result(pb_conn, operation, NULL, 1, pr_idx); +- rc = pagedresults_set_current_be(pb_conn, NULL, pr_idx, 1); ++ rc = pagedresults_set_current_be(pb_conn, NULL, pr_idx, PR_LOCKED); + pthread_mutex_unlock(pagedresults_mutex); + #pragma GCC diagnostic pop + } +@@ -954,7 +944,7 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + pthread_mutex_lock(pagedresults_mutex); + pagedresults_set_search_result(pb_conn, operation, NULL, 1, pr_idx); + be->be_search_results_release(&sr); +- rc = pagedresults_set_current_be(pb_conn, next_be, pr_idx, 1); ++ rc = pagedresults_set_current_be(pb_conn, next_be, pr_idx, PR_LOCKED); + pthread_mutex_unlock(pagedresults_mutex); + pr_stat = PAGEDRESULTS_SEARCH_END; /* make sure stat is SEARCH_END */ + if (NULL == next_be) { +@@ -967,23 +957,23 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + } else { + curr_search_count = pnentries; + slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET_SIZE_ESTIMATE, &estimate); +- pagedresults_lock(pb_conn, pr_idx); +- if ((pagedresults_set_current_be(pb_conn, be, pr_idx, 0) < 0) || +- (pagedresults_set_search_result(pb_conn, operation, sr, 0, pr_idx) < 0) || +- (pagedresults_set_search_result_count(pb_conn, operation, curr_search_count, pr_idx) < 0) || +- (pagedresults_set_search_result_set_size_estimate(pb_conn, operation, estimate, pr_idx) < 0) || +- (pagedresults_set_with_sort(pb_conn, operation, with_sort, pr_idx) < 0)) { +- pagedresults_unlock(pb_conn, pr_idx); ++ pthread_mutex_lock(pagedresults_mutex); ++ if ((pagedresults_set_current_be(pb_conn, be, pr_idx, PR_LOCKED) < 0) || ++ (pagedresults_set_search_result(pb_conn, operation, sr, PR_LOCKED, pr_idx) < 0) || ++ (pagedresults_set_search_result_count(pb_conn, operation, curr_search_count, PR_LOCKED, pr_idx) < 0) || ++ (pagedresults_set_search_result_set_size_estimate(pb_conn, operation, estimate, PR_LOCKED, pr_idx) < 0) || ++ (pagedresults_set_with_sort(pb_conn, operation, with_sort, PR_LOCKED, pr_idx) < 0)) { ++ pthread_mutex_unlock(pagedresults_mutex); + cache_return_target_entry(pb, be, operation); + goto free_and_return; + } +- pagedresults_unlock(pb_conn, pr_idx); ++ pthread_mutex_unlock(pagedresults_mutex); + } + slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL); + next_be = NULL; /* to break the loop */ + if (operation->o_status & SLAPI_OP_STATUS_ABANDONED) { + /* It turned out this search was abandoned. */ +- pagedresults_free_one_msgid(pb_conn, operation->o_msgid, pagedresults_mutex); ++ pagedresults_free_one_msgid(pb_conn, operation->o_msgid, PR_NOT_LOCKED); + /* paged-results-request was abandoned; making an empty cookie. */ + pagedresults_set_response_control(pb, 0, estimate, -1, pr_idx); + send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL); +@@ -993,7 +983,7 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + } + pagedresults_set_response_control(pb, 0, estimate, curr_search_count, pr_idx); + if (curr_search_count == -1) { +- pagedresults_free_one(pb_conn, operation, pr_idx); ++ pagedresults_free_one(pb_conn, operation, PR_NOT_LOCKED, pr_idx); + } + } + +diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c +index 941ab97e3..0d6c4a1aa 100644 +--- a/ldap/servers/slapd/pagedresults.c ++++ b/ldap/servers/slapd/pagedresults.c +@@ -34,9 +34,9 @@ pageresult_lock_cleanup() + slapi_ch_free((void**)&lock_hash); + } + +-/* Beware to the lock order with c_mutex: +- * c_mutex is sometime locked while holding pageresult_lock +- * ==> Do not lock pageresult_lock when holing c_mutex ++/* Lock ordering constraint with c_mutex: ++ * c_mutex is sometimes locked while holding pageresult_lock. ++ * Therefore: DO NOT acquire pageresult_lock when holding c_mutex. + */ + pthread_mutex_t * + pageresult_lock_get_addr(Connection *conn) +@@ -44,7 +44,11 @@ pageresult_lock_get_addr(Connection *conn) + return &lock_hash[(((size_t)conn)/sizeof (Connection))%LOCK_HASH_SIZE]; + } + +-/* helper function to clean up one prp slot */ ++/* helper function to clean up one prp slot ++ * ++ * NOTE: This function must be called while holding the pageresult_lock ++ * (via pageresult_lock_get_addr(conn)) to ensure thread-safe cleanup. ++ */ + static void + _pr_cleanup_one_slot(PagedResults *prp) + { +@@ -56,7 +60,7 @@ _pr_cleanup_one_slot(PagedResults *prp) + prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set)); + } + +- /* clean up the slot except the mutex */ ++ /* clean up the slot */ + prp->pr_current_be = NULL; + prp->pr_search_result_set = NULL; + prp->pr_search_result_count = 0; +@@ -136,6 +140,8 @@ pagedresults_parse_control_value(Slapi_PBlock *pb, + return LDAP_UNWILLING_TO_PERFORM; + } + ++ /* Acquire hash-based lock for paged results list access ++ * IMPORTANT: Never acquire this lock when holding c_mutex */ + pthread_mutex_lock(pageresult_lock_get_addr(conn)); + /* the ber encoding is no longer needed */ + ber_free(ber, 1); +@@ -184,10 +190,6 @@ pagedresults_parse_control_value(Slapi_PBlock *pb, + goto bail; + } + +- if ((*index > -1) && (*index < conn->c_pagedresults.prl_maxlen) && +- !conn->c_pagedresults.prl_list[*index].pr_mutex) { +- conn->c_pagedresults.prl_list[*index].pr_mutex = PR_NewLock(); +- } + conn->c_pagedresults.prl_count++; + } else { + /* Repeated paged results request. +@@ -327,8 +329,14 @@ bailout: + "<= idx=%d\n", index); + } + ++/* ++ * Free one paged result entry by index. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_free_one(Connection *conn, Operation *op, int index) ++pagedresults_free_one(Connection *conn, Operation *op, bool locked, int index) + { + int rc = -1; + +@@ -338,7 +346,9 @@ pagedresults_free_one(Connection *conn, Operation *op, int index) + slapi_log_err(SLAPI_LOG_TRACE, "pagedresults_free_one", + "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (conn->c_pagedresults.prl_count <= 0) { + slapi_log_err(SLAPI_LOG_TRACE, "pagedresults_free_one", + "conn=%" PRIu64 " paged requests list count is %d\n", +@@ -349,7 +359,9 @@ pagedresults_free_one(Connection *conn, Operation *op, int index) + conn->c_pagedresults.prl_count--; + rc = 0; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + } + + slapi_log_err(SLAPI_LOG_TRACE, "pagedresults_free_one", "<= %d\n", rc); +@@ -357,21 +369,28 @@ pagedresults_free_one(Connection *conn, Operation *op, int index) + } + + /* +- * Used for abandoning - pageresult_lock_get_addr(conn) is already locked in do_abandone. ++ * Free one paged result entry by message ID. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. + */ + int +-pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, pthread_mutex_t *mutex) ++pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, bool locked) + { + int rc = -1; + int i; ++ pthread_mutex_t *lock = NULL; + + if (conn && (msgid > -1)) { + if (conn->c_pagedresults.prl_maxlen <= 0) { + ; /* Not a paged result. */ + } else { + slapi_log_err(SLAPI_LOG_TRACE, +- "pagedresults_free_one_msgid_nolock", "=> msgid=%d\n", msgid); +- pthread_mutex_lock(mutex); ++ "pagedresults_free_one_msgid", "=> msgid=%d\n", msgid); ++ lock = pageresult_lock_get_addr(conn); ++ if (!locked) { ++ pthread_mutex_lock(lock); ++ } + for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) { + if (conn->c_pagedresults.prl_list[i].pr_msgid == msgid) { + PagedResults *prp = conn->c_pagedresults.prl_list + i; +@@ -390,9 +409,11 @@ pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, pthread_mutex_t * + break; + } + } +- pthread_mutex_unlock(mutex); ++ if (!locked) { ++ pthread_mutex_unlock(lock); ++ } + slapi_log_err(SLAPI_LOG_TRACE, +- "pagedresults_free_one_msgid_nolock", "<= %d\n", rc); ++ "pagedresults_free_one_msgid", "<= %d\n", rc); + } + } + +@@ -418,29 +439,43 @@ pagedresults_get_current_be(Connection *conn, int index) + return be; + } + ++/* ++ * Set current backend for a paged result entry. ++ * ++ * Locking: If locked=false, acquires pageresult_lock. If locked=true, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int nolock) ++pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, bool locked) + { + int rc = -1; + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_set_current_be", "=> idx=%d\n", index); + if (conn && (index > -1)) { +- if (!nolock) ++ if (!locked) { + pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + conn->c_pagedresults.prl_list[index].pr_current_be = be; + } + rc = 0; +- if (!nolock) ++ if (!locked) { + pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + } + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_set_current_be", "<= %d\n", rc); + return rc; + } + ++/* ++ * Get search result set for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + void * +-pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int index) ++pagedresults_get_search_result(Connection *conn, Operation *op, bool locked, int index) + { + void *sr = NULL; + if (!op_is_pagedresults(op)) { +@@ -465,8 +500,14 @@ pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int + return sr; + } + ++/* ++ * Set search result set for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int locked, int index) ++pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, bool locked, int index) + { + int rc = -1; + if (!op_is_pagedresults(op)) { +@@ -494,8 +535,14 @@ pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int lo + return rc; + } + ++/* ++ * Get search result count for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_get_search_result_count(Connection *conn, Operation *op, int index) ++pagedresults_get_search_result_count(Connection *conn, Operation *op, bool locked, int index) + { + int count = 0; + if (!op_is_pagedresults(op)) { +@@ -504,19 +551,29 @@ pagedresults_get_search_result_count(Connection *conn, Operation *op, int index) + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_get_search_result_count", "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + count = conn->c_pagedresults.prl_list[index].pr_search_result_count; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + } + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_get_search_result_count", "<= %d\n", count); + return count; + } + ++/* ++ * Set search result count for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_set_search_result_count(Connection *conn, Operation *op, int count, int index) ++pagedresults_set_search_result_count(Connection *conn, Operation *op, int count, bool locked, int index) + { + int rc = -1; + if (!op_is_pagedresults(op)) { +@@ -525,11 +582,15 @@ pagedresults_set_search_result_count(Connection *conn, Operation *op, int count, + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_set_search_result_count", "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + conn->c_pagedresults.prl_list[index].pr_search_result_count = count; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + rc = 0; + } + slapi_log_err(SLAPI_LOG_TRACE, +@@ -537,9 +598,16 @@ pagedresults_set_search_result_count(Connection *conn, Operation *op, int count, + return rc; + } + ++/* ++ * Get search result set size estimate for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int + pagedresults_get_search_result_set_size_estimate(Connection *conn, + Operation *op, ++ bool locked, + int index) + { + int count = 0; +@@ -550,11 +618,15 @@ pagedresults_get_search_result_set_size_estimate(Connection *conn, + "pagedresults_get_search_result_set_size_estimate", + "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + count = conn->c_pagedresults.prl_list[index].pr_search_result_set_size_estimate; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + } + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_get_search_result_set_size_estimate", "<= %d\n", +@@ -562,10 +634,17 @@ pagedresults_get_search_result_set_size_estimate(Connection *conn, + return count; + } + ++/* ++ * Set search result set size estimate for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int + pagedresults_set_search_result_set_size_estimate(Connection *conn, + Operation *op, + int count, ++ bool locked, + int index) + { + int rc = -1; +@@ -576,11 +655,15 @@ pagedresults_set_search_result_set_size_estimate(Connection *conn, + "pagedresults_set_search_result_set_size_estimate", + "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + conn->c_pagedresults.prl_list[index].pr_search_result_set_size_estimate = count; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + rc = 0; + } + slapi_log_err(SLAPI_LOG_TRACE, +@@ -589,8 +672,14 @@ pagedresults_set_search_result_set_size_estimate(Connection *conn, + return rc; + } + ++/* ++ * Get with_sort flag for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_get_with_sort(Connection *conn, Operation *op, int index) ++pagedresults_get_with_sort(Connection *conn, Operation *op, bool locked, int index) + { + int flags = 0; + if (!op_is_pagedresults(op)) { +@@ -599,19 +688,29 @@ pagedresults_get_with_sort(Connection *conn, Operation *op, int index) + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_get_with_sort", "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + flags = conn->c_pagedresults.prl_list[index].pr_flags & CONN_FLAG_PAGEDRESULTS_WITH_SORT; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + } + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_get_with_sort", "<= %d\n", flags); + return flags; + } + ++/* ++ * Set with_sort flag for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_set_with_sort(Connection *conn, Operation *op, int flags, int index) ++pagedresults_set_with_sort(Connection *conn, Operation *op, int flags, bool locked, int index) + { + int rc = -1; + if (!op_is_pagedresults(op)) { +@@ -620,14 +719,18 @@ pagedresults_set_with_sort(Connection *conn, Operation *op, int flags, int index + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_set_with_sort", "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + if (flags & OP_FLAG_SERVER_SIDE_SORTING) { + conn->c_pagedresults.prl_list[index].pr_flags |= + CONN_FLAG_PAGEDRESULTS_WITH_SORT; + } + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + rc = 0; + } + slapi_log_err(SLAPI_LOG_TRACE, "pagedresults_set_with_sort", "<= %d\n", rc); +@@ -802,10 +905,6 @@ pagedresults_cleanup(Connection *conn, int needlock) + rc = 1; + } + prp->pr_current_be = NULL; +- if (prp->pr_mutex) { +- PR_DestroyLock(prp->pr_mutex); +- prp->pr_mutex = NULL; +- } + memset(prp, '\0', sizeof(PagedResults)); + } + conn->c_pagedresults.prl_count = 0; +@@ -840,10 +939,6 @@ pagedresults_cleanup_all(Connection *conn, int needlock) + i < conn->c_pagedresults.prl_maxlen; + i++) { + prp = conn->c_pagedresults.prl_list + i; +- if (prp->pr_mutex) { +- PR_DestroyLock(prp->pr_mutex); +- prp->pr_mutex = NULL; +- } + if (prp->pr_current_be && prp->pr_search_result_set && + prp->pr_current_be->be_search_results_release) { + prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set)); +@@ -1010,43 +1105,8 @@ op_set_pagedresults(Operation *op) + op->o_flags |= OP_FLAG_PAGED_RESULTS; + } + +-/* +- * pagedresults_lock/unlock -- introduced to protect search results for the +- * asynchronous searches. Do not call these functions while the PR conn lock +- * is held (e.g. pageresult_lock_get_addr(conn)) +- */ +-void +-pagedresults_lock(Connection *conn, int index) +-{ +- PagedResults *prp; +- if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) { +- return; +- } +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); +- prp = conn->c_pagedresults.prl_list + index; +- if (prp->pr_mutex) { +- PR_Lock(prp->pr_mutex); +- } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); +-} +- +-void +-pagedresults_unlock(Connection *conn, int index) +-{ +- PagedResults *prp; +- if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) { +- return; +- } +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); +- prp = conn->c_pagedresults.prl_list + index; +- if (prp->pr_mutex) { +- PR_Unlock(prp->pr_mutex); +- } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); +-} +- + int +-pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int index) ++pagedresults_is_abandoned_or_notavailable(Connection *conn, bool locked, int index) + { + PagedResults *prp; + int32_t result; +@@ -1066,7 +1126,7 @@ pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int inde + } + + int +-pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked) ++pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, bool locked) + { + int rc = -1; + Connection *conn = NULL; +diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h +index 765c12bf5..455d6d718 100644 +--- a/ldap/servers/slapd/proto-slap.h ++++ b/ldap/servers/slapd/proto-slap.h +@@ -1614,20 +1614,22 @@ pthread_mutex_t *pageresult_lock_get_addr(Connection *conn); + int pagedresults_parse_control_value(Slapi_PBlock *pb, struct berval *psbvp, ber_int_t *pagesize, int *index, Slapi_Backend *be); + void pagedresults_set_response_control(Slapi_PBlock *pb, int iscritical, ber_int_t estimate, int curr_search_count, int index); + Slapi_Backend *pagedresults_get_current_be(Connection *conn, int index); +-int pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int nolock); +-void *pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int index); +-int pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int locked, int index); +-int pagedresults_get_search_result_count(Connection *conn, Operation *op, int index); +-int pagedresults_set_search_result_count(Connection *conn, Operation *op, int cnt, int index); ++int pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, bool locked); ++void *pagedresults_get_search_result(Connection *conn, Operation *op, bool locked, int index); ++int pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, bool locked, int index); ++int pagedresults_get_search_result_count(Connection *conn, Operation *op, bool locked, int index); ++int pagedresults_set_search_result_count(Connection *conn, Operation *op, int cnt, bool locked, int index); + int pagedresults_get_search_result_set_size_estimate(Connection *conn, + Operation *op, ++ bool locked, + int index); + int pagedresults_set_search_result_set_size_estimate(Connection *conn, + Operation *op, + int cnt, ++ bool locked, + int index); +-int pagedresults_get_with_sort(Connection *conn, Operation *op, int index); +-int pagedresults_set_with_sort(Connection *conn, Operation *op, int flags, int index); ++int pagedresults_get_with_sort(Connection *conn, Operation *op, bool locked, int index); ++int pagedresults_set_with_sort(Connection *conn, Operation *op, int flags, bool locked, int index); + int pagedresults_get_unindexed(Connection *conn, Operation *op, int index); + int pagedresults_set_unindexed(Connection *conn, Operation *op, int index); + int pagedresults_get_sort_result_code(Connection *conn, Operation *op, int index); +@@ -1639,15 +1641,13 @@ int pagedresults_cleanup(Connection *conn, int needlock); + int pagedresults_is_timedout_nolock(Connection *conn); + int pagedresults_reset_timedout_nolock(Connection *conn); + int pagedresults_in_use_nolock(Connection *conn); +-int pagedresults_free_one(Connection *conn, Operation *op, int index); +-int pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, pthread_mutex_t *mutex); ++int pagedresults_free_one(Connection *conn, Operation *op, bool locked, int index); ++int pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, bool locked); + int op_is_pagedresults(Operation *op); + int pagedresults_cleanup_all(Connection *conn, int needlock); + void op_set_pagedresults(Operation *op); +-void pagedresults_lock(Connection *conn, int index); +-void pagedresults_unlock(Connection *conn, int index); +-int pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int index); +-int pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked); ++int pagedresults_is_abandoned_or_notavailable(Connection *conn, bool locked, int index); ++int pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, bool locked); + + /* + * sort.c +diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h +index 11c5602e3..d494931c2 100644 +--- a/ldap/servers/slapd/slap.h ++++ b/ldap/servers/slapd/slap.h +@@ -89,6 +89,10 @@ static char ptokPBE[34] = "Internal (Software) Token "; + #include + #include /* For timespec definitions */ + ++/* Macros for paged results lock parameter */ ++#define PR_LOCKED true ++#define PR_NOT_LOCKED false ++ + /* Provides our int types and platform specific requirements. */ + #include + +@@ -1669,7 +1673,6 @@ typedef struct _paged_results + struct timespec pr_timelimit_hr; /* expiry time of this request rel to clock monotonic */ + int pr_flags; + ber_int_t pr_msgid; /* msgid of the request; to abandon */ +- PRLock *pr_mutex; /* protect each conn structure */ + } PagedResults; + + /* array of simple paged structure stashed in connection */ +-- +2.52.0 + diff --git a/0003-Issue-7108-Fix-shutdown-crash-in-entry-cache-destruc.patch b/0003-Issue-7108-Fix-shutdown-crash-in-entry-cache-destruc.patch new file mode 100644 index 0000000..bb2127c --- /dev/null +++ b/0003-Issue-7108-Fix-shutdown-crash-in-entry-cache-destruc.patch @@ -0,0 +1,183 @@ +From 4936f953fa3b0726c2b178f135cd78dcac7463ba Mon Sep 17 00:00:00 2001 +From: Simon Pichugin +Date: Thu, 8 Jan 2026 10:02:39 -0800 +Subject: [PATCH] Issue 7108 - Fix shutdown crash in entry cache destruction + (#7163) + +Description: The entry cache could experience LRU list corruption when +using pinned entries, leading to crashes during cache flush operations. + +In entrycache_add_int(), when returning an existing cached entry, the +code checked the wrong entry's state before calling lru_delete(). It +checked the new entry 'e' but operated on the existing entry 'my_alt', +causing lru_delete() to be called on entries not in the LRU list. This +is fixed by checking my_alt's refcnt and pinned state instead. + +In flush_hash(), pinned_remove() and lru_delete() were both called on +pinned entries. Since pinned entries are in the pinned list, calling +lru_delete() afterwards corrupted the list. This is fixed by calling +either pinned_remove() or lru_delete() based on the entry's state. + +A NULL check is added in entrycache_flush() and dncache_flush() to +gracefully handle corrupted LRU lists and prevent crashes when +traversing backwards through the list encounters an unexpected NULL. + +Entry pointers are now always cleared after lru_delete() removal to +prevent stale pointer issues in non-debug builds. + +Fixes: https://github.com/389ds/389-ds-base/issues/7108 + +Reviewed by: @progier389, @vashirov (Thanks!!) +--- + ldap/servers/slapd/back-ldbm/cache.c | 48 +++++++++++++++++++++++++--- + 1 file changed, 43 insertions(+), 5 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/cache.c b/ldap/servers/slapd/back-ldbm/cache.c +index 2e4126134..a87f30687 100644 +--- a/ldap/servers/slapd/back-ldbm/cache.c ++++ b/ldap/servers/slapd/back-ldbm/cache.c +@@ -458,11 +458,13 @@ static void + lru_delete(struct cache *cache, void *ptr) + { + struct backcommon *e; ++ + if (NULL == ptr) { + LOG("=> lru_delete\n<= lru_delete (null entry)\n"); + return; + } + e = (struct backcommon *)ptr; ++ + #ifdef LDAP_CACHE_DEBUG_LRU + pinned_verify(cache, __LINE__); + lru_verify(cache, e, 1); +@@ -475,8 +477,9 @@ lru_delete(struct cache *cache, void *ptr) + e->ep_lrunext->ep_lruprev = e->ep_lruprev; + else + cache->c_lrutail = e->ep_lruprev; +-#ifdef LDAP_CACHE_DEBUG_LRU ++ /* Always clear pointers after removal to prevent stale pointer issues */ + e->ep_lrunext = e->ep_lruprev = NULL; ++#ifdef LDAP_CACHE_DEBUG_LRU + lru_verify(cache, e, 0); + #endif + } +@@ -633,9 +636,14 @@ flush_hash(struct cache *cache, struct timespec *start_time, int32_t type) + if (entry->ep_refcnt == 0) { + entry->ep_refcnt++; + if (entry->ep_state & ENTRY_STATE_PINNED) { ++ /* Entry is in pinned list, not LRU - remove from pinned only. ++ * pinned_remove clears lru pointers and won't add to LRU since refcnt > 0. ++ */ + pinned_remove(cache, laste); ++ } else { ++ /* Entry is in LRU list - remove from LRU */ ++ lru_delete(cache, laste); + } +- lru_delete(cache, laste); + if (type == ENTRY_CACHE) { + entrycache_remove_int(cache, laste); + entrycache_return(cache, (struct backentry **)&laste, PR_TRUE); +@@ -679,9 +687,14 @@ flush_hash(struct cache *cache, struct timespec *start_time, int32_t type) + if (entry->ep_refcnt == 0) { + entry->ep_refcnt++; + if (entry->ep_state & ENTRY_STATE_PINNED) { ++ /* Entry is in pinned list, not LRU - remove from pinned only. ++ * pinned_remove clears lru pointers and won't add to LRU since refcnt > 0. ++ */ + pinned_remove(cache, laste); ++ } else { ++ /* Entry is in LRU list - remove from LRU */ ++ lru_delete(cache, laste); + } +- lru_delete(cache, laste); + entrycache_remove_int(cache, laste); + entrycache_return(cache, (struct backentry **)&laste, PR_TRUE); + } else { +@@ -772,6 +785,11 @@ entrycache_flush(struct cache *cache) + } else { + e = BACK_LRU_PREV(e, struct backentry *); + } ++ if (e == NULL) { ++ slapi_log_err(SLAPI_LOG_WARNING, "entrycache_flush", ++ "Unexpected NULL entry while flushing cache - LRU list may be corrupted\n"); ++ break; ++ } + ASSERT(e->ep_refcnt == 0); + e->ep_refcnt++; + if (entrycache_remove_int(cache, e) < 0) { +@@ -1160,6 +1178,7 @@ pinned_remove(struct cache *cache, void *ptr) + { + struct backentry *e = (struct backentry *)ptr; + ASSERT(e->ep_state & ENTRY_STATE_PINNED); ++ + cache->c_pinned_ctx->npinned--; + cache->c_pinned_ctx->size -= e->ep_size; + e->ep_state &= ~ENTRY_STATE_PINNED; +@@ -1172,13 +1191,23 @@ pinned_remove(struct cache *cache, void *ptr) + cache->c_pinned_ctx->head = cache->c_pinned_ctx->tail = NULL; + } else { + cache->c_pinned_ctx->head = BACK_LRU_NEXT(e, struct backentry *); ++ /* Update new head's prev pointer to NULL */ ++ if (cache->c_pinned_ctx->head) { ++ cache->c_pinned_ctx->head->ep_lruprev = NULL; ++ } + } + } else if (cache->c_pinned_ctx->tail == e) { + cache->c_pinned_ctx->tail = BACK_LRU_PREV(e, struct backentry *); ++ /* Update new tail's next pointer to NULL */ ++ if (cache->c_pinned_ctx->tail) { ++ cache->c_pinned_ctx->tail->ep_lrunext = NULL; ++ } + } else { ++ /* Middle of list: update both neighbors to point to each other */ + BACK_LRU_PREV(e, struct backentry *)->ep_lrunext = BACK_LRU_NEXT(e, struct backcommon *); + BACK_LRU_NEXT(e, struct backentry *)->ep_lruprev = BACK_LRU_PREV(e, struct backcommon *); + } ++ /* Clear the removed entry's pointers */ + e->ep_lrunext = e->ep_lruprev = NULL; + if (e->ep_refcnt == 0) { + lru_add(cache, ptr); +@@ -1245,6 +1274,7 @@ pinned_add(struct cache *cache, void *ptr) + return false; + } + /* Now it is time to insert the entry in the pinned list */ ++ + cache->c_pinned_ctx->npinned++; + cache->c_pinned_ctx->size += e->ep_size; + e->ep_state |= ENTRY_STATE_PINNED; +@@ -1754,7 +1784,7 @@ entrycache_add_int(struct cache *cache, struct backentry *e, int state, struct b + * 3) ep_state: 0 && state: 0 + * ==> increase the refcnt + */ +- if (e->ep_refcnt == 0) ++ if (e->ep_refcnt == 0 && (e->ep_state & ENTRY_STATE_PINNED) == 0) + lru_delete(cache, (void *)e); + e->ep_refcnt++; + e->ep_state &= ~ENTRY_STATE_UNAVAILABLE; +@@ -1781,7 +1811,7 @@ entrycache_add_int(struct cache *cache, struct backentry *e, int state, struct b + } else { + if (alt) { + *alt = my_alt; +- if (e->ep_refcnt == 0 && (e->ep_state & ENTRY_STATE_PINNED) == 0) ++ if (my_alt->ep_refcnt == 0 && (my_alt->ep_state & ENTRY_STATE_PINNED) == 0) + lru_delete(cache, (void *)*alt); + (*alt)->ep_refcnt++; + LOG("the entry %s already exists. returning existing entry %s (state: 0x%x)\n", +@@ -2379,6 +2409,14 @@ dncache_flush(struct cache *cache) + } else { + dn = BACK_LRU_PREV(dn, struct backdn *); + } ++ if (dn == NULL) { ++ /* Safety check: we should normally exit via the CACHE_LRU_HEAD check. ++ * If we get here, c_lruhead may be NULL or the LRU list is corrupted. ++ */ ++ slapi_log_err(SLAPI_LOG_WARNING, "dncache_flush", ++ "Unexpected NULL entry while flushing cache - LRU list may be corrupted\n"); ++ break; ++ } + ASSERT(dn->ep_refcnt == 0); + dn->ep_refcnt++; + if (dncache_remove_int(cache, dn) < 0) { +-- +2.52.0 + diff --git a/0004-Issue-7172-Index-ordering-mismatch-after-upgrade-717.patch b/0004-Issue-7172-Index-ordering-mismatch-after-upgrade-717.patch new file mode 100644 index 0000000..2ea800b --- /dev/null +++ b/0004-Issue-7172-Index-ordering-mismatch-after-upgrade-717.patch @@ -0,0 +1,215 @@ +From 742c12e0247ab64e87da000a4de2f3e5c99044ab Mon Sep 17 00:00:00 2001 +From: Viktor Ashirov +Date: Fri, 9 Jan 2026 11:39:50 +0100 +Subject: [PATCH] Issue 7172 - Index ordering mismatch after upgrade (#7173) + +Bug Description: +Commit daf731f55071d45eaf403a52b63d35f4e699ff28 introduced a regression. +After upgrading to a version that adds `integerOrderingMatch` matching +rule to `parentid` and `ancestorid` indexes, searches may return empty +or incorrect results. + +This happens because the existing index data was created with +lexicographic ordering, but the new compare function expects integer +ordering. Index lookups fail because the compare function doesn't match +the data ordering. +The root cause is that `ldbm_instance_create_default_indexes()` calls +`attr_index_config()` unconditionally for `parentid` and `ancestorid` +indexes, which triggers `ainfo_dup()` to overwrite `ai_key_cmp_fn` on +existing indexes. This breaks indexes that were created without the +`integerOrderingMatch` matching rule. + +Fix Description: +* Call `attr_index_config()` for `parentid` and `ancestorid` indexes +only if index config doesn't exist. + +* Add `upgrade_check_id_index_matching_rule()` that logs an error on +server startup if `parentid` or `ancestorid` indexes are missing the +integerOrderingMatch matching rule, advising administrators to reindex. + +Fixes: https://github.com/389ds/389-ds-base/issues/7172 + +Reviewed by: @tbordaz, @progier389, @droideck (Thanks!) +--- + ldap/servers/slapd/back-ldbm/instance.c | 25 ++++-- + ldap/servers/slapd/upgrade.c | 107 +++++++++++++++++++++++- + 2 files changed, 123 insertions(+), 9 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/instance.c b/ldap/servers/slapd/back-ldbm/instance.c +index cb002c379..71bf0f6fa 100644 +--- a/ldap/servers/slapd/back-ldbm/instance.c ++++ b/ldap/servers/slapd/back-ldbm/instance.c +@@ -190,6 +190,7 @@ ldbm_instance_create_default_indexes(backend *be) + char *ancestorid_indexes_limit = NULL; + char *parentid_indexes_limit = NULL; + struct attrinfo *ai = NULL; ++ struct attrinfo *index_already_configured = NULL; + struct index_idlistsizeinfo *iter; + int cookie; + int limit; +@@ -248,10 +249,14 @@ ldbm_instance_create_default_indexes(backend *be) + ldbm_instance_config_add_index_entry(inst, e, flags); + slapi_entry_free(e); + +- e = ldbm_instance_init_config_entry(LDBM_PARENTID_STR, "eq", 0, 0, 0, "integerOrderingMatch", parentid_indexes_limit); +- ldbm_instance_config_add_index_entry(inst, e, flags); +- attr_index_config(be, "ldbm index init", 0, e, 1, 0, NULL); +- slapi_entry_free(e); ++ ainfo_get(be, (char *)LDBM_PARENTID_STR, &ai); ++ index_already_configured = ai; ++ if (!index_already_configured) { ++ e = ldbm_instance_init_config_entry(LDBM_PARENTID_STR, "eq", 0, 0, 0, "integerOrderingMatch", parentid_indexes_limit); ++ ldbm_instance_config_add_index_entry(inst, e, flags); ++ attr_index_config(be, "ldbm index init", 0, e, 1, 0, NULL); ++ slapi_entry_free(e); ++ } + + e = ldbm_instance_init_config_entry("objectclass", "eq", 0, 0, 0, 0, 0); + ldbm_instance_config_add_index_entry(inst, e, flags); +@@ -288,10 +293,14 @@ ldbm_instance_create_default_indexes(backend *be) + * ancestorid is special, there is actually no such attr type + * but we still want to use the attr index file APIs. + */ +- e = ldbm_instance_init_config_entry(LDBM_ANCESTORID_STR, "eq", 0, 0, 0, "integerOrderingMatch", ancestorid_indexes_limit); +- ldbm_instance_config_add_index_entry(inst, e, flags); +- attr_index_config(be, "ldbm index init", 0, e, 1, 0, NULL); +- slapi_entry_free(e); ++ ainfo_get(be, (char *)LDBM_ANCESTORID_STR, &ai); ++ index_already_configured = ai; ++ if (!index_already_configured) { ++ e = ldbm_instance_init_config_entry(LDBM_ANCESTORID_STR, "eq", 0, 0, 0, "integerOrderingMatch", ancestorid_indexes_limit); ++ ldbm_instance_config_add_index_entry(inst, e, flags); ++ attr_index_config(be, "ldbm index init", 0, e, 1, 0, NULL); ++ slapi_entry_free(e); ++ } + + slapi_ch_free_string(&ancestorid_indexes_limit); + slapi_ch_free_string(&parentid_indexes_limit); +diff --git a/ldap/servers/slapd/upgrade.c b/ldap/servers/slapd/upgrade.c +index 858392564..b02e37ed6 100644 +--- a/ldap/servers/slapd/upgrade.c ++++ b/ldap/servers/slapd/upgrade.c +@@ -330,6 +330,107 @@ upgrade_remove_subtree_rename(void) + return UPGRADE_SUCCESS; + } + ++/* ++ * Check if parentid/ancestorid indexes are missing the integerOrderingMatch ++ * matching rule. ++ * ++ * This function logs a warning if we detect this condition, advising ++ * the administrator to reindex the affected attributes. ++ */ ++static upgrade_status ++upgrade_check_id_index_matching_rule(void) ++{ ++ struct slapi_pblock *pb = slapi_pblock_new(); ++ Slapi_Entry **backends = NULL; ++ const char *be_base_dn = "cn=ldbm database,cn=plugins,cn=config"; ++ const char *be_filter = "(objectclass=nsBackendInstance)"; ++ const char *attrs_to_check[] = {"parentid", "ancestorid", NULL}; ++ upgrade_status uresult = UPGRADE_SUCCESS; ++ ++ /* Search for all backend instances */ ++ slapi_search_internal_set_pb( ++ pb, be_base_dn, ++ LDAP_SCOPE_ONELEVEL, ++ be_filter, NULL, 0, NULL, NULL, ++ plugin_get_default_component_id(), 0); ++ slapi_search_internal_pb(pb); ++ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &backends); ++ ++ if (backends) { ++ for (size_t be_idx = 0; backends[be_idx] != NULL; be_idx++) { ++ const char *be_name = slapi_entry_attr_get_ref(backends[be_idx], "cn"); ++ if (!be_name) { ++ continue; ++ } ++ ++ /* Check each attribute that should have integerOrderingMatch */ ++ for (size_t attr_idx = 0; attrs_to_check[attr_idx] != NULL; attr_idx++) { ++ const char *attr_name = attrs_to_check[attr_idx]; ++ struct slapi_pblock *idx_pb = slapi_pblock_new(); ++ Slapi_Entry **idx_entries = NULL; ++ char *idx_dn = slapi_create_dn_string("cn=%s,cn=index,cn=%s,%s", ++ attr_name, be_name, be_base_dn); ++ char *idx_filter = "(objectclass=nsIndex)"; ++ PRBool has_matching_rule = PR_FALSE; ++ ++ if (!idx_dn) { ++ slapi_pblock_destroy(idx_pb); ++ continue; ++ } ++ ++ slapi_search_internal_set_pb( ++ idx_pb, idx_dn, ++ LDAP_SCOPE_BASE, ++ idx_filter, NULL, 0, NULL, NULL, ++ plugin_get_default_component_id(), 0); ++ slapi_search_internal_pb(idx_pb); ++ slapi_pblock_get(idx_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &idx_entries); ++ ++ if (idx_entries && idx_entries[0]) { ++ /* Index exists, check if it has integerOrderingMatch */ ++ Slapi_Attr *mr_attr = NULL; ++ if (slapi_entry_attr_find(idx_entries[0], "nsMatchingRule", &mr_attr) == 0) { ++ Slapi_Value *sval = NULL; ++ int idx; ++ for (idx = slapi_attr_first_value(mr_attr, &sval); ++ idx != -1; ++ idx = slapi_attr_next_value(mr_attr, idx, &sval)) { ++ const struct berval *bval = slapi_value_get_berval(sval); ++ if (bval && bval->bv_val && ++ strcasecmp(bval->bv_val, "integerOrderingMatch") == 0) { ++ has_matching_rule = PR_TRUE; ++ break; ++ } ++ } ++ } ++ ++ if (!has_matching_rule) { ++ /* Index exists but doesn't have integerOrderingMatch, log a warning */ ++ slapi_log_err(SLAPI_LOG_ERR, "upgrade_check_id_index_matching_rule", ++ "Index '%s' in backend '%s' is missing 'nsMatchingRule: integerOrderingMatch'. " ++ "Incorrectly configured system indexes can lead to poor search performance, replication issues, and other operational problems. " ++ "To fix this, add the matching rule and reindex: " ++ "dsconf backend index set --add-mr integerOrderingMatch --attr %s %s && " ++ "dsconf backend index reindex --attr %s %s. " ++ "WARNING: Reindexing can be resource-intensive and may impact server performance on a live system. " ++ "Consider scheduling reindexing during maintenance windows or periods of low activity.\n", ++ attr_name, be_name, attr_name, be_name, attr_name, be_name); ++ } ++ } ++ ++ slapi_ch_free_string(&idx_dn); ++ slapi_free_search_results_internal(idx_pb); ++ slapi_pblock_destroy(idx_pb); ++ } ++ } ++ } ++ ++ slapi_free_search_results_internal(pb); ++ slapi_pblock_destroy(pb); ++ ++ return uresult; ++} ++ + /* + * Upgrade the base config of the PAM PTA plugin. + * +@@ -547,7 +648,11 @@ upgrade_server(void) + if (upgrade_pam_pta_default_config() != UPGRADE_SUCCESS) { + return UPGRADE_FAILURE; + } +- ++ ++ if (upgrade_check_id_index_matching_rule() != UPGRADE_SUCCESS) { ++ return UPGRADE_FAILURE; ++ } ++ + return UPGRADE_SUCCESS; + } + +-- +2.52.0 + diff --git a/0005-Issue-7172-2nd-Index-ordering-mismatch-after-upgrade.patch b/0005-Issue-7172-2nd-Index-ordering-mismatch-after-upgrade.patch new file mode 100644 index 0000000..591d144 --- /dev/null +++ b/0005-Issue-7172-2nd-Index-ordering-mismatch-after-upgrade.patch @@ -0,0 +1,67 @@ +From f5de84e309d5a4435198c9cc9b31b5722979f1ff Mon Sep 17 00:00:00 2001 +From: Viktor Ashirov +Date: Mon, 12 Jan 2026 10:58:02 +0100 +Subject: [PATCH 5/5] Issue 7172 - (2nd) Index ordering mismatch after upgrade + (#7180) + +Commit 742c12e0247ab64e87da000a4de2f3e5c99044ab introduced a regression +where the check to skip creating parentid/ancestorid indexes if they +already exist was incorrect. +The `ainfo_get()` function falls back to returning +LDBM_PSEUDO_ATTR_DEFAULT attrinfo when the requested attribute is not +found. +Since LDBM_PSEUDO_ATTR_DEFAULT is created before the ancestorid check, +`ainfo_get()` returns LDBM_PSEUDO_ATTR_DEFAULT instead of NULL, causing +the ancestorid index creation to be skipped entirely. + +When operations later try to use the ancestorid index, they fall back to +LDBM_PSEUDO_ATTR_DEFAULT, and attempting to open the .default dbi +mid-transaction fails with MDB_NOTFOUND (-30798). + +Fix Description: +Instead of just checking if `ainfo_get()` returns non-NULL, verify that +the returned attrinfo is actually for the requested attribute. + +Fixes: https://github.com/389ds/389-ds-base/issues/7172 + +Reviewed by: @tbordaz (Thanks!) +--- + ldap/servers/slapd/back-ldbm/instance.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/instance.c b/ldap/servers/slapd/back-ldbm/instance.c +index 71bf0f6fa..2a6e8cbb8 100644 +--- a/ldap/servers/slapd/back-ldbm/instance.c ++++ b/ldap/servers/slapd/back-ldbm/instance.c +@@ -190,7 +190,7 @@ ldbm_instance_create_default_indexes(backend *be) + char *ancestorid_indexes_limit = NULL; + char *parentid_indexes_limit = NULL; + struct attrinfo *ai = NULL; +- struct attrinfo *index_already_configured = NULL; ++ int index_already_configured = 0; + struct index_idlistsizeinfo *iter; + int cookie; + int limit; +@@ -250,7 +250,8 @@ ldbm_instance_create_default_indexes(backend *be) + slapi_entry_free(e); + + ainfo_get(be, (char *)LDBM_PARENTID_STR, &ai); +- index_already_configured = ai; ++ /* Check if the attrinfo is actually for parentid, not a fallback to .default */ ++ index_already_configured = (ai != NULL && strcmp(ai->ai_type, LDBM_PARENTID_STR) == 0); + if (!index_already_configured) { + e = ldbm_instance_init_config_entry(LDBM_PARENTID_STR, "eq", 0, 0, 0, "integerOrderingMatch", parentid_indexes_limit); + ldbm_instance_config_add_index_entry(inst, e, flags); +@@ -294,7 +295,8 @@ ldbm_instance_create_default_indexes(backend *be) + * but we still want to use the attr index file APIs. + */ + ainfo_get(be, (char *)LDBM_ANCESTORID_STR, &ai); +- index_already_configured = ai; ++ /* Check if the attrinfo is actually for ancestorid, not a fallback to .default */ ++ index_already_configured = (ai != NULL && strcmp(ai->ai_type, LDBM_ANCESTORID_STR) == 0); + if (!index_already_configured) { + e = ldbm_instance_init_config_entry(LDBM_ANCESTORID_STR, "eq", 0, 0, 0, "integerOrderingMatch", ancestorid_indexes_limit); + ldbm_instance_config_add_index_entry(inst, e, flags); +-- +2.52.0 + diff --git a/389-ds-base-devel.README b/389-ds-base-devel.README index 190c874..c411a61 100644 --- a/389-ds-base-devel.README +++ b/389-ds-base-devel.README @@ -1,4 +1,4 @@ -For detailed information on developing plugins for -389 Directory Server visit. +For detailed information on developing plugins for 389 Directory Server visit -http://port389/wiki/Plugins +https://www.port389.org/docs/389ds/design/plugins.html +https://github.com/389ds/389-ds-base/blob/main/src/slapi_r_plugin/README.md diff --git a/389-ds-base-git-local.sh b/389-ds-base-git-local.sh deleted file mode 100644 index bc809cb..0000000 --- a/389-ds-base-git-local.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -DATE=`date +%Y%m%d` -# use a real tag name here -VERSION=1.3.5.14 -PKGNAME=389-ds-base -TAG=${TAG:-$PKGNAME-$VERSION} -#SRCNAME=$PKGNAME-$VERSION-$DATE -SRCNAME=$PKGNAME-$VERSION - -test -d .git || { - echo you must be in the ds git repo to use this - echo bye - exit 1 -} - -if [ -z "$1" ] ; then - dir=. -else - dir="$1" -fi - -git archive --prefix=$SRCNAME/ $TAG | bzip2 > $dir/$SRCNAME.tar.bz2 diff --git a/389-ds-base-git.sh b/389-ds-base-git.sh deleted file mode 100644 index 0043901..0000000 --- a/389-ds-base-git.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -DATE=`date +%Y%m%d` -# use a real tag name here -VERSION=1.3.5.14 -PKGNAME=389-ds-base -TAG=${TAG:-$PKGNAME-$VERSION} -URL="https://git.fedorahosted.org/git/?p=389/ds.git;a=snapshot;h=$TAG;sf=tgz" -SRCNAME=$PKGNAME-$VERSION - -wget -O $SRCNAME.tar.gz "$URL" - -echo convert tgz format to tar.bz2 format - -gunzip $PKGNAME-$VERSION.tar.gz -bzip2 $PKGNAME-$VERSION.tar diff --git a/389-ds-base.spec b/389-ds-base.spec index 2482664..e864a88 100644 --- a/389-ds-base.spec +++ b/389-ds-base.spec @@ -1,38 +1,63 @@ - -%global pkgname dirsrv -%global srcname 389-ds-base +%global pkgname dirsrv # Exclude i686 bit arches -ExcludeArch: i686 +ExcludeArch: i686 -# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release -# also remove the space between % and global - this space is needed because -# fedpkg verrel stupidly ignores comment lines -#% global prerel .rc3 -# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release -#% global relprefix 0. - -# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6. -%global use_Socket6 0 - -%global use_asan 0 -%global use_rust 1 -%global bundle_jemalloc 1 -%if %{use_asan} -%global bundle_jemalloc 0 -%endif - -%if %{bundle_jemalloc} +%bcond bundle_jemalloc 1 +%if %{with bundle_jemalloc} %global jemalloc_name jemalloc -%global jemalloc_ver 5.2.1 +%global jemalloc_ver 5.3.0 %global __provides_exclude ^libjemalloc\\.so.*$ %endif +%bcond bundle_libdb 0 +%if 0%{?rhel} >= 10 +%bcond bundle_libdb 1 +%endif + +%if %{with bundle_libdb} +%global libdb_version 5.3 +%global libdb_base_version db-%{libdb_version}.28 +%global libdb_full_version lib%{libdb_base_version}-59 +%global libdb_bundle_name libdb-%{libdb_version}-389ds.so +%if 0%{?fedora} >= 41 || 0%{?rhel} >= 11 +# RPM 4.20 +%global libdb_base_dir lib%{libdb_base_version}-build/%{libdb_base_version} +%else +%global libdb_base_dir %{libdb_base_version} +%endif +%endif + +%bcond libbdb_ro 0 +%if 0%{?fedora} >= 43 +%bcond libbdb_ro 1 +%endif + +# This is used in certain builds to help us know if it has extra features. +%global variant base +# This enables a sanitized build. +%bcond asan 0 +%bcond msan 0 +%bcond tsan 0 +%bcond ubsan 0 + +%if %{with asan} || %{with msan} || %{with tsan} || %{with ubsan} +%global variant base-xsan +%endif + # Use Clang instead of GCC -%global use_clang 0 +%bcond clang 0 +%if %{with msan} +%bcond clang 1 +%endif + +%if %{with clang} +%global toolchain clang +%global _missing_build_ids_terminate_build 0 +%endif # Build cockpit plugin -%global use_cockpit 1 +%bcond cockpit 1 # fedora 15 and later uses tmpfiles.d # otherwise, comment this out @@ -41,60 +66,370 @@ ExcludeArch: i686 # systemd support %global groupname %{pkgname}.target -# set PIE flag -%global _hardened_build 1 +# Filter argparse-manpage from autogenerated package Requires +%global __requires_exclude ^python.*argparse-manpage -Summary: 389 Directory Server (base) +# Force to require nss version greater or equal as the version available at the build time +# See bz1986327 +%define dirsrv_requires_ge() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") + +Summary: 389 Directory Server (%{variant}) Name: 389-ds-base -Version: 2.0.2 -Release: %{?relprefix}1%{?prerel}%{?dist}.1 -License: GPLv3+ +Version: 3.2.0 +Release: %{autorelease -n %{?with_asan:-e asan}}%{?dist} +License: GPL-3.0-or-later WITH GPL-3.0-389-ds-base-exception AND (0BSD OR Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR LGPL-2.1-or-later OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (Apache-2.0 OR MIT) AND (CC-BY-4.0 AND MIT) AND (MIT OR Apache-2.0) AND Unicode-3.0 AND (MIT OR CC0-1.0) AND (MIT OR Unlicense) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MIT AND ISC AND MPL-2.0 AND PSF-2.0 AND Zlib URL: https://www.port389.org -Conflicts: selinux-policy-base < 3.9.8 -Conflicts: freeipa-server < 4.0.3 -Obsoletes: %{name} <= 1.4.0.9 Obsoletes: %{name}-legacy-tools < 1.4.4.6 Obsoletes: %{name}-legacy-tools-debuginfo < 1.4.4.6 Provides: ldif2ldbm >= 0 +##### Bundled cargo crates list - START ##### +Provides: bundled(crate(addr2line)) = 0.24.2 +Provides: bundled(crate(adler2)) = 2.0.1 +Provides: bundled(crate(allocator-api2)) = 0.2.21 +Provides: bundled(crate(atty)) = 0.2.14 +Provides: bundled(crate(autocfg)) = 1.5.0 +Provides: bundled(crate(backtrace)) = 0.3.75 +Provides: bundled(crate(base64)) = 0.13.1 +Provides: bundled(crate(bitflags)) = 2.9.1 +Provides: bundled(crate(byteorder)) = 1.5.0 +Provides: bundled(crate(cbindgen)) = 0.26.0 +Provides: bundled(crate(cc)) = 1.2.27 +Provides: bundled(crate(cfg-if)) = 1.0.1 +Provides: bundled(crate(clap)) = 3.2.25 +Provides: bundled(crate(clap_lex)) = 0.2.4 +Provides: bundled(crate(concread)) = 0.5.6 +Provides: bundled(crate(crossbeam-epoch)) = 0.9.18 +Provides: bundled(crate(crossbeam-queue)) = 0.3.12 +Provides: bundled(crate(crossbeam-utils)) = 0.8.21 +Provides: bundled(crate(equivalent)) = 1.0.2 +Provides: bundled(crate(errno)) = 0.3.12 +Provides: bundled(crate(fastrand)) = 2.3.0 +Provides: bundled(crate(fernet)) = 0.1.4 +Provides: bundled(crate(foldhash)) = 0.1.5 +Provides: bundled(crate(foreign-types)) = 0.3.2 +Provides: bundled(crate(foreign-types-shared)) = 0.1.1 +Provides: bundled(crate(getrandom)) = 0.3.3 +Provides: bundled(crate(gimli)) = 0.31.1 +Provides: bundled(crate(hashbrown)) = 0.15.4 +Provides: bundled(crate(heck)) = 0.4.1 +Provides: bundled(crate(hermit-abi)) = 0.1.19 +Provides: bundled(crate(indexmap)) = 1.9.3 +Provides: bundled(crate(itoa)) = 1.0.15 +Provides: bundled(crate(jobserver)) = 0.1.33 +Provides: bundled(crate(libc)) = 0.2.174 +Provides: bundled(crate(linux-raw-sys)) = 0.9.4 +Provides: bundled(crate(log)) = 0.4.27 +Provides: bundled(crate(lru)) = 0.13.0 +Provides: bundled(crate(memchr)) = 2.7.5 +Provides: bundled(crate(miniz_oxide)) = 0.8.9 +Provides: bundled(crate(object)) = 0.36.7 +Provides: bundled(crate(once_cell)) = 1.21.3 +Provides: bundled(crate(openssl)) = 0.10.73 +Provides: bundled(crate(openssl-macros)) = 0.1.1 +Provides: bundled(crate(openssl-sys)) = 0.9.109 +Provides: bundled(crate(os_str_bytes)) = 6.6.1 +Provides: bundled(crate(paste)) = 0.1.18 +Provides: bundled(crate(paste-impl)) = 0.1.18 +Provides: bundled(crate(pin-project-lite)) = 0.2.16 +Provides: bundled(crate(pkg-config)) = 0.3.32 +Provides: bundled(crate(proc-macro-hack)) = 0.5.20+deprecated +Provides: bundled(crate(proc-macro2)) = 1.0.95 +Provides: bundled(crate(quote)) = 1.0.40 +Provides: bundled(crate(r-efi)) = 5.3.0 +Provides: bundled(crate(rustc-demangle)) = 0.1.25 +Provides: bundled(crate(rustix)) = 1.0.7 +Provides: bundled(crate(ryu)) = 1.0.20 +Provides: bundled(crate(serde)) = 1.0.219 +Provides: bundled(crate(serde_derive)) = 1.0.219 +Provides: bundled(crate(serde_json)) = 1.0.140 +Provides: bundled(crate(shlex)) = 1.3.0 +Provides: bundled(crate(smallvec)) = 1.15.1 +Provides: bundled(crate(sptr)) = 0.3.2 +Provides: bundled(crate(strsim)) = 0.10.0 +Provides: bundled(crate(syn)) = 2.0.103 +Provides: bundled(crate(tempfile)) = 3.20.0 +Provides: bundled(crate(termcolor)) = 1.4.1 +Provides: bundled(crate(textwrap)) = 0.16.2 +Provides: bundled(crate(tokio)) = 1.45.1 +Provides: bundled(crate(toml)) = 0.5.11 +Provides: bundled(crate(tracing)) = 0.1.41 +Provides: bundled(crate(tracing-attributes)) = 0.1.30 +Provides: bundled(crate(tracing-core)) = 0.1.34 +Provides: bundled(crate(unicode-ident)) = 1.0.18 +Provides: bundled(crate(uuid)) = 0.8.2 +Provides: bundled(crate(vcpkg)) = 0.2.15 +Provides: bundled(crate(wasi)) = 0.14.2+wasi_0.2.4 +Provides: bundled(crate(winapi)) = 0.3.9 +Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0 +Provides: bundled(crate(winapi-util)) = 0.1.9 +Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0 +Provides: bundled(crate(windows-sys)) = 0.59.0 +Provides: bundled(crate(windows-targets)) = 0.52.6 +Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.52.6 +Provides: bundled(crate(windows_aarch64_msvc)) = 0.52.6 +Provides: bundled(crate(windows_i686_gnu)) = 0.52.6 +Provides: bundled(crate(windows_i686_gnullvm)) = 0.52.6 +Provides: bundled(crate(windows_i686_msvc)) = 0.52.6 +Provides: bundled(crate(windows_x86_64_gnu)) = 0.52.6 +Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.52.6 +Provides: bundled(crate(windows_x86_64_msvc)) = 0.52.6 +Provides: bundled(crate(wit-bindgen-rt)) = 0.39.0 +Provides: bundled(crate(zeroize)) = 1.8.1 +Provides: bundled(crate(zeroize_derive)) = 1.4.2 +Provides: bundled(npm(@eslint-community/eslint-utils)) = 4.4.1 +Provides: bundled(npm(@eslint-community/regexpp)) = 4.12.1 +Provides: bundled(npm(@eslint/eslintrc)) = 2.1.4 +Provides: bundled(npm(@eslint/js)) = 8.57.1 +Provides: bundled(npm(@fortawesome/fontawesome-common-types)) = 0.2.36 +Provides: bundled(npm(@fortawesome/fontawesome-svg-core)) = 1.2.36 +Provides: bundled(npm(@fortawesome/free-solid-svg-icons)) = 5.15.4 +Provides: bundled(npm(@fortawesome/react-fontawesome)) = 0.1.19 +Provides: bundled(npm(@humanwhocodes/config-array)) = 0.13.0 +Provides: bundled(npm(@humanwhocodes/module-importer)) = 1.0.1 +Provides: bundled(npm(@humanwhocodes/object-schema)) = 2.0.3 +Provides: bundled(npm(@nodelib/fs.scandir)) = 2.1.5 +Provides: bundled(npm(@nodelib/fs.stat)) = 2.0.5 +Provides: bundled(npm(@nodelib/fs.walk)) = 1.2.8 +Provides: bundled(npm(@patternfly/patternfly)) = 5.4.1 +Provides: bundled(npm(@patternfly/react-charts)) = 7.4.3 +Provides: bundled(npm(@patternfly/react-core)) = 5.4.1 +Provides: bundled(npm(@patternfly/react-icons)) = 5.4.0 +Provides: bundled(npm(@patternfly/react-log-viewer)) = 5.3.0 +Provides: bundled(npm(@patternfly/react-styles)) = 5.4.0 +Provides: bundled(npm(@patternfly/react-table)) = 5.4.1 +Provides: bundled(npm(@patternfly/react-tokens)) = 5.4.0 +Provides: bundled(npm(@types/d3-array)) = 3.2.1 +Provides: bundled(npm(@types/d3-color)) = 3.1.3 +Provides: bundled(npm(@types/d3-ease)) = 3.0.2 +Provides: bundled(npm(@types/d3-interpolate)) = 3.0.4 +Provides: bundled(npm(@types/d3-path)) = 3.1.0 +Provides: bundled(npm(@types/d3-scale)) = 4.0.8 +Provides: bundled(npm(@types/d3-shape)) = 3.1.6 +Provides: bundled(npm(@types/d3-time)) = 3.0.3 +Provides: bundled(npm(@types/d3-timer)) = 3.0.2 +Provides: bundled(npm(@ungap/structured-clone)) = 1.2.0 +Provides: bundled(npm(@xterm/addon-canvas)) = 0.7.0 +Provides: bundled(npm(@xterm/xterm)) = 5.5.0 +Provides: bundled(npm(acorn)) = 8.14.0 +Provides: bundled(npm(acorn-jsx)) = 5.3.2 +Provides: bundled(npm(ajv)) = 6.12.6 +Provides: bundled(npm(ansi-regex)) = 5.0.1 +Provides: bundled(npm(ansi-styles)) = 4.3.0 +Provides: bundled(npm(argparse)) = 2.0.1 +Provides: bundled(npm(attr-accept)) = 2.2.4 +Provides: bundled(npm(autolinker)) = 3.16.2 +Provides: bundled(npm(balanced-match)) = 1.0.2 +Provides: bundled(npm(brace-expansion)) = 1.1.12 +Provides: bundled(npm(callsites)) = 3.1.0 +Provides: bundled(npm(chalk)) = 4.1.2 +Provides: bundled(npm(color-convert)) = 2.0.1 +Provides: bundled(npm(color-name)) = 1.1.4 +Provides: bundled(npm(concat-map)) = 0.0.1 +Provides: bundled(npm(core-util-is)) = 1.0.3 +Provides: bundled(npm(cross-spawn)) = 7.0.6 +Provides: bundled(npm(d3-array)) = 3.2.4 +Provides: bundled(npm(d3-color)) = 3.1.0 +Provides: bundled(npm(d3-ease)) = 3.0.1 +Provides: bundled(npm(d3-format)) = 3.1.0 +Provides: bundled(npm(d3-interpolate)) = 3.0.1 +Provides: bundled(npm(d3-path)) = 3.1.0 +Provides: bundled(npm(d3-scale)) = 4.0.2 +Provides: bundled(npm(d3-shape)) = 3.2.0 +Provides: bundled(npm(d3-time)) = 3.1.0 +Provides: bundled(npm(d3-time-format)) = 4.1.0 +Provides: bundled(npm(d3-timer)) = 3.0.1 +Provides: bundled(npm(debug)) = 4.3.7 +Provides: bundled(npm(deep-is)) = 0.1.4 +Provides: bundled(npm(delaunator)) = 4.0.1 +Provides: bundled(npm(delaunay-find)) = 0.0.6 +Provides: bundled(npm(dequal)) = 2.0.3 +Provides: bundled(npm(doctrine)) = 3.0.0 +Provides: bundled(npm(encoding)) = 0.1.13 +Provides: bundled(npm(escape-string-regexp)) = 4.0.0 +Provides: bundled(npm(eslint)) = 8.57.1 +Provides: bundled(npm(eslint-plugin-react-hooks)) = 4.6.2 +Provides: bundled(npm(eslint-scope)) = 7.2.2 +Provides: bundled(npm(eslint-visitor-keys)) = 3.4.3 +Provides: bundled(npm(espree)) = 9.6.1 +Provides: bundled(npm(esquery)) = 1.6.0 +Provides: bundled(npm(esrecurse)) = 4.3.0 +Provides: bundled(npm(estraverse)) = 5.3.0 +Provides: bundled(npm(esutils)) = 2.0.3 +Provides: bundled(npm(fast-deep-equal)) = 3.1.3 +Provides: bundled(npm(fast-json-stable-stringify)) = 2.1.0 +Provides: bundled(npm(fast-levenshtein)) = 2.0.6 +Provides: bundled(npm(fastq)) = 1.17.1 +Provides: bundled(npm(file-entry-cache)) = 6.0.1 +Provides: bundled(npm(file-selector)) = 2.1.0 +Provides: bundled(npm(find-up)) = 5.0.0 +Provides: bundled(npm(flat-cache)) = 3.2.0 +Provides: bundled(npm(flatted)) = 3.3.1 +Provides: bundled(npm(focus-trap)) = 7.5.4 +Provides: bundled(npm(fs.realpath)) = 1.0.0 +Provides: bundled(npm(gettext-parser)) = 2.1.0 +Provides: bundled(npm(glob)) = 7.2.3 +Provides: bundled(npm(glob-parent)) = 6.0.2 +Provides: bundled(npm(globals)) = 13.24.0 +Provides: bundled(npm(graphemer)) = 1.4.0 +Provides: bundled(npm(has-flag)) = 4.0.0 +Provides: bundled(npm(hoist-non-react-statics)) = 3.3.2 +Provides: bundled(npm(iconv-lite)) = 0.6.3 +Provides: bundled(npm(ignore)) = 5.3.2 +Provides: bundled(npm(import-fresh)) = 3.3.0 +Provides: bundled(npm(imurmurhash)) = 0.1.4 +Provides: bundled(npm(inflight)) = 1.0.6 +Provides: bundled(npm(inherits)) = 2.0.4 +Provides: bundled(npm(internmap)) = 2.0.3 +Provides: bundled(npm(is-extglob)) = 2.1.1 +Provides: bundled(npm(is-glob)) = 4.0.3 +Provides: bundled(npm(is-path-inside)) = 3.0.3 +Provides: bundled(npm(isarray)) = 1.0.0 +Provides: bundled(npm(isexe)) = 2.0.0 +Provides: bundled(npm(js-sha1)) = 0.7.0 +Provides: bundled(npm(js-sha256)) = 0.11.0 +Provides: bundled(npm(js-tokens)) = 4.0.0 +Provides: bundled(npm(js-yaml)) = 4.1.1 +Provides: bundled(npm(json-buffer)) = 3.0.1 +Provides: bundled(npm(json-schema-traverse)) = 0.4.1 +Provides: bundled(npm(json-stable-stringify-without-jsonify)) = 1.0.1 +Provides: bundled(npm(json-stringify-safe)) = 5.0.1 +Provides: bundled(npm(keyv)) = 4.5.4 +Provides: bundled(npm(levn)) = 0.4.1 +Provides: bundled(npm(locate-path)) = 6.0.0 +Provides: bundled(npm(lodash)) = 4.17.21 +Provides: bundled(npm(lodash.merge)) = 4.6.2 +Provides: bundled(npm(loose-envify)) = 1.4.0 +Provides: bundled(npm(memoize-one)) = 5.2.1 +Provides: bundled(npm(minimatch)) = 3.1.2 +Provides: bundled(npm(ms)) = 2.1.3 +Provides: bundled(npm(natural-compare)) = 1.4.0 +Provides: bundled(npm(object-assign)) = 4.1.1 +Provides: bundled(npm(once)) = 1.4.0 +Provides: bundled(npm(optionator)) = 0.9.4 +Provides: bundled(npm(p-limit)) = 3.1.0 +Provides: bundled(npm(p-locate)) = 5.0.0 +Provides: bundled(npm(parent-module)) = 1.0.1 +Provides: bundled(npm(path-exists)) = 4.0.0 +Provides: bundled(npm(path-is-absolute)) = 1.0.1 +Provides: bundled(npm(path-key)) = 3.1.1 +Provides: bundled(npm(prelude-ls)) = 1.2.1 +Provides: bundled(npm(prettier)) = 3.3.3 +Provides: bundled(npm(process-nextick-args)) = 2.0.1 +Provides: bundled(npm(prop-types)) = 15.8.1 +Provides: bundled(npm(punycode)) = 2.3.1 +Provides: bundled(npm(queue-microtask)) = 1.2.3 +Provides: bundled(npm(react)) = 18.3.1 +Provides: bundled(npm(react-dom)) = 18.3.1 +Provides: bundled(npm(react-dropzone)) = 14.3.5 +Provides: bundled(npm(react-fast-compare)) = 3.2.2 +Provides: bundled(npm(react-is)) = 16.13.1 +Provides: bundled(npm(readable-stream)) = 2.3.8 +Provides: bundled(npm(remarkable)) = 2.0.1 +Provides: bundled(npm(resolve-from)) = 4.0.0 +Provides: bundled(npm(reusify)) = 1.0.4 +Provides: bundled(npm(rimraf)) = 3.0.2 +Provides: bundled(npm(run-parallel)) = 1.2.0 +Provides: bundled(npm(safe-buffer)) = 5.2.1 +Provides: bundled(npm(safer-buffer)) = 2.1.2 +Provides: bundled(npm(scheduler)) = 0.23.2 +Provides: bundled(npm(shebang-command)) = 2.0.0 +Provides: bundled(npm(shebang-regex)) = 3.0.0 +Provides: bundled(npm(sprintf-js)) = 1.0.3 +Provides: bundled(npm(string_decoder)) = 1.1.1 +Provides: bundled(npm(strip-ansi)) = 6.0.1 +Provides: bundled(npm(strip-json-comments)) = 3.1.1 +Provides: bundled(npm(supports-color)) = 7.2.0 +Provides: bundled(npm(tabbable)) = 6.2.0 +Provides: bundled(npm(text-table)) = 0.2.0 +Provides: bundled(npm(throttle-debounce)) = 5.0.2 +Provides: bundled(npm(tslib)) = 2.8.1 +Provides: bundled(npm(type-check)) = 0.4.0 +Provides: bundled(npm(type-fest)) = 0.20.2 +Provides: bundled(npm(uri-js)) = 4.4.1 +Provides: bundled(npm(util-deprecate)) = 1.0.2 +Provides: bundled(npm(uuid)) = 10.0.0 +Provides: bundled(npm(victory-area)) = 37.3.1 +Provides: bundled(npm(victory-axis)) = 37.3.1 +Provides: bundled(npm(victory-bar)) = 37.3.1 +Provides: bundled(npm(victory-box-plot)) = 37.3.1 +Provides: bundled(npm(victory-brush-container)) = 37.3.1 +Provides: bundled(npm(victory-chart)) = 37.3.1 +Provides: bundled(npm(victory-core)) = 37.3.1 +Provides: bundled(npm(victory-create-container)) = 37.3.1 +Provides: bundled(npm(victory-cursor-container)) = 37.3.1 +Provides: bundled(npm(victory-group)) = 37.3.1 +Provides: bundled(npm(victory-legend)) = 37.3.1 +Provides: bundled(npm(victory-line)) = 37.3.1 +Provides: bundled(npm(victory-pie)) = 37.3.1 +Provides: bundled(npm(victory-polar-axis)) = 37.3.1 +Provides: bundled(npm(victory-scatter)) = 37.3.1 +Provides: bundled(npm(victory-selection-container)) = 37.3.1 +Provides: bundled(npm(victory-shared-events)) = 37.3.1 +Provides: bundled(npm(victory-stack)) = 37.3.1 +Provides: bundled(npm(victory-tooltip)) = 37.3.1 +Provides: bundled(npm(victory-vendor)) = 37.3.1 +Provides: bundled(npm(victory-voronoi-container)) = 37.3.1 +Provides: bundled(npm(victory-zoom-container)) = 37.3.1 +Provides: bundled(npm(which)) = 2.0.2 +Provides: bundled(npm(word-wrap)) = 1.2.5 +Provides: bundled(npm(wrappy)) = 1.0.2 +Provides: bundled(npm(yocto-queue)) = 0.1.0 +##### Bundled cargo crates list - END ##### + +# Attach the buildrequires to the top level package: BuildRequires: nspr-devel BuildRequires: nss-devel >= 3.34 +BuildRequires: openldap-clients BuildRequires: openldap-devel -BuildRequires: libdb-devel +BuildRequires: lmdb-devel BuildRequires: cyrus-sasl-devel BuildRequires: icu BuildRequires: libicu-devel -BuildRequires: pcre-devel +BuildRequires: pcre2-devel BuildRequires: cracklib-devel -%if %{use_clang} +BuildRequires: json-c-devel +BuildRequires: libxcrypt-devel +%if %{with clang} BuildRequires: libatomic BuildRequires: clang +BuildRequires: compiler-rt +BuildRequires: lld %else BuildRequires: gcc BuildRequires: gcc-c++ +%if %{with asan} +BuildRequires: libasan %endif +%if %{with tsan} +BuildRequires: libtsan +%endif +%if %{with ubsan} +BuildRequires: libubsan +%endif +%endif +%if %{without libbdb_ro} +%if %{without bundle_libdb} +BuildRequires: libdb-devel +%endif +%endif + # The following are needed to build the snmp ldap-agent BuildRequires: net-snmp-devel -BuildRequires: lm_sensors-devel BuildRequires: bzip2-devel -BuildRequires: zlib-devel BuildRequires: openssl-devel # the following is for the pam passthru auth plug-in BuildRequires: pam-devel BuildRequires: systemd-units BuildRequires: systemd-devel -%if %{use_asan} -BuildRequires: libasan -%endif -# If rust is enabled -%if %{use_rust} -BuildRequires: cargo -BuildRequires: rust -%endif +BuildRequires: systemd-rpm-macros +%{?sysusers_requires_compat} +BuildRequires: cargo +BuildRequires: rust BuildRequires: pkgconfig BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(krb5) - +BuildRequires: pkgconfig(libpcre2-8) # Needed to support regeneration of the autotool artifacts. BuildRequires: autoconf BuildRequires: automake @@ -103,102 +438,133 @@ BuildRequires: libtool BuildRequires: doxygen # For tests! BuildRequires: libcmocka-devel -BuildRequires: libevent-devel -# For lib389 and related components +# For lib389 and related components. BuildRequires: python%{python3_pkgversion}-devel -BuildRequires: python%{python3_pkgversion}-setuptools -BuildRequires: python%{python3_pkgversion}-ldap -BuildRequires: python%{python3_pkgversion}-six -BuildRequires: python%{python3_pkgversion}-pyasn1 -BuildRequires: python%{python3_pkgversion}-pyasn1-modules -BuildRequires: python%{python3_pkgversion}-dateutil -BuildRequires: python%{python3_pkgversion}-argcomplete -BuildRequires: python%{python3_pkgversion}-argparse-manpage -BuildRequires: python%{python3_pkgversion}-libselinux -BuildRequires: python%{python3_pkgversion}-policycoreutils # For cockpit -%if %{use_cockpit} +%if %{with cockpit} BuildRequires: rsync +BuildRequires: npm +BuildRequires: nodejs %endif +# For autosetup -S git +BuildRequires: git + Requires: %{name}-libs = %{version}-%{release} Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release} # this is needed for using semanage from our setup scripts Requires: policycoreutils-python-utils -Requires: /usr/sbin/semanage Requires: libsemanage-python%{python3_pkgversion} - -Requires: selinux-policy >= 3.14.1-29 - # the following are needed for some of our scripts Requires: openldap-clients -Requires: /usr/bin/c_rehash -Requires: python%{python3_pkgversion}-ldap - +Requires: acl # this is needed to setup SSL if you are not using the # administration server package Requires: nss-tools -Requires: nss >= 3.34 - +%dirsrv_requires_ge nss # these are not found by the auto-dependency method # they are required to support the mandatory LDAP SASL mechs Requires: cyrus-sasl-gssapi Requires: cyrus-sasl-md5 +# This is optionally supported by us, as we use it in our tests Requires: cyrus-sasl-plain - -# this is needed for verify-db.pl -Requires: libdb-utils - +# this is needed for backldbm +%if %{with libbdb_ro} +Requires: %{name}-robdb-libs = %{version}-%{release} +%else +%if %{without bundle_libdb} +Requires: libdb +%endif +%endif +Requires: lmdb-libs +# Needed by logconv.pl +%if %{without libbdb_ro} +%if %{without bundle_libdb} +Requires: perl-DB_File +%endif +%endif +Requires: perl-Archive-Tar +%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9 +Requires: perl-debugger +Requires: perl-sigtrap +%endif # Needed for password dictionary checks Requires: cracklib-dicts - -# Needed by logconv.pl -Requires: perl-DB_File -Requires: perl-Archive-Tar - +Requires: json-c +# Log compression +Requires: zlib-devel +# logconv.py, MIME type +Requires: python3-file-magic # Picks up our systemd deps. %{?systemd_requires} -Obsoletes: %{name} <= 1.3.5.4 - -Source0: https://releases.pagure.org/389-ds-base/%{name}-%{version}%{?prerel}.tar.bz2 -# 389-ds-git.sh should be used to generate the source tarball from git -Source1: %{name}-git.sh +Source0: https://github.com/389ds/%{name}/releases/download/%{name}-%{version}/%{name}-%{version}.tar.bz2 Source2: %{name}-devel.README -%if %{bundle_jemalloc} +%if %{with bundle_jemalloc} Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2 +Source6: jemalloc-5.3.0_throw_bad_alloc.patch %endif +Source4: 389-ds-base.sysusers +%if %{with bundle_libdb} +Source5: https://fedorapeople.org/groups/389ds/libdb-5.3.28-59.tar.bz2 +%endif + +Patch: 0001-Issue-7096-During-replication-online-total-init-the-.patch +Patch: 0002-Issue-Revise-paged-result-search-locking.patch +Patch: 0003-Issue-7108-Fix-shutdown-crash-in-entry-cache-destruc.patch +Patch: 0004-Issue-7172-Index-ordering-mismatch-after-upgrade-717.patch +Patch: 0005-Issue-7172-2nd-Index-ordering-mismatch-after-upgrade.patch %description 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. -%if %{use_asan} +%if %{with asan} WARNING! This build is linked to Address Sanitisation libraries. This probably isn't what you want. Please contact support immediately. Please see http://seclists.org/oss-sec/2016/q1/363 for more information. %endif +%if %{with libbdb_ro} +%package robdb-libs +Summary: Read-only Berkeley Database Library +License: GPL-2.0-or-later OR LGPL-2.1-or-later + +%description robdb-libs +The %{name}-robdb-lib package contains a library derived from rpm +project (https://github.com/rpm-software-management/rpm) that provides +some basic functions to search and read Berkeley Database records +%endif + + %package libs -Summary: Core libraries for 389 Directory Server -BuildRequires: nspr-devel -BuildRequires: nss-devel >= 3.34 -BuildRequires: openldap-devel -BuildRequires: libdb-devel -BuildRequires: cyrus-sasl-devel -BuildRequires: libicu-devel -BuildRequires: pcre-devel -BuildRequires: libtalloc-devel -BuildRequires: libevent-devel -BuildRequires: libtevent-devel -Requires: krb5-libs -Requires: libevent -BuildRequires: systemd-devel -BuildRequires: make +Summary: Core libraries for 389 Directory Server (%{variant}) Provides: svrcore = 4.1.4 -Conflicts: svrcore Obsoletes: svrcore <= 4.1.3 +Conflicts: svrcore +%dirsrv_requires_ge nss +Requires: nspr +Requires: openldap +Requires: systemd-libs +# Pull in sasl +Requires: cyrus-sasl-lib +# KRB +Requires: krb5-libs +%if %{with clang} +Requires: llvm +Requires: compiler-rt +%else +%if %{with asan} +Requires: libasan +%endif +%if %{with tsan} +Requires: libtsan +%endif +%if %{with ubsan} +Requires: libubsan +%endif +%endif %description libs Core libraries for the 389 Directory Server base package. These libraries @@ -206,19 +572,17 @@ are used by the main package and the -devel package. This allows the -devel package to be installed with just the -libs package and without the main package. %package devel -Summary: Development libraries for 389 Directory Server +Summary: Development libraries for 389 Directory Server (%{variant}) +Provides: svrcore-devel = 4.1.4 +Obsoletes: svrcore-devel <= 4.1.3 +Conflicts: svrcore-devel Requires: %{name}-libs = %{version}-%{release} Requires: pkgconfig Requires: nspr-devel Requires: nss-devel >= 3.34 Requires: openldap-devel -Requires: libtalloc -Requires: libevent -Requires: libtevent +# systemd-libs contains the headers iirc. Requires: systemd-libs -Provides: svrcore-devel = 4.1.4 -Conflicts: svrcore-devel -Obsoletes: svrcore-devel <= 4.1.3 %description devel Development Libraries and headers for the 389 Directory Server base package. @@ -232,76 +596,103 @@ Obsoletes: %{name} <= 1.4.0.0 %description snmp SNMP Agent for the 389 Directory Server base package. +%if %{with bundle_libdb} +%package bdb +Summary: Berkeley Database backend for 389 Directory Server +%description bdb +Berkeley Database backend for 389 Directory Server +Warning! This backend is deprecated in favor of lmdb and its support +may be removed in future versions. + +Requires: %{name} = %{version}-%{release} +# Berkeley DB database libdb was marked as deprecated since F40: +# https://fedoraproject.org/wiki/Changes/389_Directory_Server_3.0.0 +# because libdb was marked as deprecated since F33 +# https://fedoraproject.org/wiki/Changes/Libdb_deprecated +Provides: deprecated() +%endif + + %package -n python%{python3_pkgversion}-lib389 Summary: A library for accessing, testing, and configuring the 389 Directory Server BuildArch: noarch +Requires: %{name} = %{version}-%{release} Requires: openssl +# This is for /usr/bin/c_rehash tool, only needed for openssl < 1.1.0 +Requires: openssl-perl Requires: iproute -Recommends: bash-completion -Requires: python%{python3_pkgversion} -Requires: python%{python3_pkgversion}-distro -Requires: python%{python3_pkgversion}-ldap -Requires: python%{python3_pkgversion}-six -Requires: python%{python3_pkgversion}-pyasn1 -Requires: python%{python3_pkgversion}-pyasn1-modules -Requires: python%{python3_pkgversion}-dateutil -Requires: python%{python3_pkgversion}-argcomplete Requires: python%{python3_pkgversion}-libselinux -Requires: python%{python3_pkgversion}-setuptools -%{?python_provide:%python_provide python%{python3_pkgversion}-lib389} +Recommends: bash-completion %description -n python%{python3_pkgversion}-lib389 This module contains tools and libraries for accessing, testing, and configuring the 389 Directory Server. -%if %{use_cockpit} +%if %{with cockpit} %package -n cockpit-389-ds Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server BuildArch: noarch Requires: cockpit -Requires: 389-ds-base +Requires: %{name} = %{version}-%{release} Requires: python%{python3_pkgversion} -Requires: python%{python3_pkgversion}-lib389 +Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release} %description -n cockpit-389-ds A cockpit UI Plugin for configuring and administering the 389 Directory Server %endif -%prep -%setup -q -n %{name}-%{version}%{?prerel} +%generate_buildrequires +cd src/lib389 +# Tests do not run in %%check (lib389's tests need to be fixed) +# but test dependencies are needed to check import lib389.topologies +%pyproject_buildrequires -g test -%if %{bundle_jemalloc} -%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3 +%prep +%autosetup -S git -p1 -n %{name}-%{version} + +%if %{with bundle_jemalloc} +%setup -q -n %{name}-%{version} -T -D -b 3 +%endif + +%if %{with bundle_libdb} +%setup -q -n %{name}-%{version} -T -D -b 5 %endif cp %{SOURCE2} README.devel %build +# Workaround until https://github.com/389ds/389-ds-base/issues/6476 is fixed +export CFLAGS="%{optflags} -std=gnu17" -OPENLDAP_FLAG="--with-openldap" -%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} -# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529 -NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3" - -%if %{use_asan} -ASAN_FLAGS="--enable-asan --enable-debug" -%endif - -%if %{use_rust} -RUST_FLAGS="--enable-rust --enable-rust-offline" -%endif - -%if !%{use_cockpit} -COCKPIT_FLAGS="--disable-cockpit" -%endif - -%if %{use_clang} -export CC=clang -export CXX=clang++ +%if %{with clang} CLANG_FLAGS="--enable-clang" %endif -%if %{bundle_jemalloc} +%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} + +%if %{with asan} +ASAN_FLAGS="--enable-asan --enable-debug" +%endif + +%if %{with msan} +MSAN_FLAGS="--enable-msan --enable-debug" +%endif + +%if %{with tsan} +TSAN_FLAGS="--enable-tsan --enable-debug" +%endif + +%if %{with ubsan} +UBSAN_FLAGS="--enable-ubsan --enable-debug" +%endif + +RUST_FLAGS="--enable-rust --enable-rust-offline" + +%if %{without cockpit} +COCKPIT_FLAGS="--disable-cockpit" +%endif + +%if %{with bundle_jemalloc} # Override page size, bz #1545539 # 4K %ifarch %ix86 %arm x86_64 s390x @@ -321,77 +712,110 @@ CLANG_FLAGS="--enable-clang" # Build jemalloc pushd ../%{jemalloc_name}-%{jemalloc_ver} +patch -p1 -F3 < %{SOURCE6} %configure \ --libdir=%{_libdir}/%{pkgname}/lib \ --bindir=%{_libdir}/%{pkgname}/bin \ - --enable-prof -make %{?_smp_mflags} + --enable-prof %{lg_page} %{lg_hugepage} +%make_build popd %endif -# Enforce strict linking -%define _strict_symbol_defs_build 1 +# Build custom libdb package +%if %{with bundle_libdb} +mkdir -p ../%{libdb_base_version} +pushd ../%{libdb_base_version} +tar -xjf %{_topdir}/SOURCES/%{libdb_full_version}.tar.bz2 +mv %{libdb_full_version} SOURCES +sed -i -e '/^CFLAGS=/s/-fno-strict-aliasing/& -std=gnu99/' %{_builddir}/%{name}-%{version}/rpm/bundle-libdb.spec +rpmbuild --define "_topdir $PWD" -bc %{_builddir}/%{name}-%{version}/rpm/bundle-libdb.spec +popd +%endif # Rebuild the autotool artifacts now. autoreconf -fiv -%configure --enable-autobind --with-selinux $TMPFILES_FLAG \ +%configure \ +%if %{with libbdb_ro} + --with-libbdb-ro \ +%else + --without-libbdb-ro \ +%endif +%if %{with bundle_libdb} + --with-bundle-libdb=%{_builddir}/%{libdb_base_version}/BUILD/%{libdb_base_dir}/dist/dist-tls \ +%endif + --with-selinux $TMPFILES_FLAG \ --with-systemd \ --with-systemdsystemunitdir=%{_unitdir} \ --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ - --with-systemdgroupname=%{groupname} \ + --with-systemdgroupname=%{groupname} \ --libexecdir=%{_libexecdir}/%{pkgname} \ - $NSSARGS $ASAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \ - --enable-cmocka \ - --enable-perl + $ASAN_FLAGS $MSAN_FLAGS $TSAN_FLAGS $UBSAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \ +%if 0%{?fedora} >= 34 || 0%{?rhel} >= 9 + --with-libldap-r=no \ +%endif + --enable-cmocka +# Avoid "Unknown key name 'XXX' in section 'Service', ignoring." warnings from systemd on older releases +%if 0%{?rhel} && 0%{?rhel} < 9 + sed -r -i '/^(Protect(Home|Hostname|KernelLogs)|PrivateMounts)=/d' %{_builddir}/%{name}-%{version}/wrappers/*.service.in +%endif # lib389 pushd ./src/lib389 -%py3_build +%{python3} validate_version.py --update +%pyproject_wheel popd -# argparse-manpage dynamic man pages have hardcoded man v1 in header, -# need to change it to v8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsconf.8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsctl.8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsidm.8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dscreate.8 # Generate symbolic info for debuggers export XCFLAGS=$RPM_OPT_FLAGS -#make %{?_smp_mflags} -make +%make_build %install mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir} -%if %{use_cockpit} +%if %{with cockpit} mkdir -p %{buildroot}%{_datadir}/cockpit %endif -make DESTDIR="$RPM_BUILD_ROOT" install +%make_install -%if %{use_cockpit} +%if %{with cockpit} find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list %endif +find %{buildroot}%{_libdir}/%{pkgname}/plugins/ -type f -iname 'lib*.so' | sed -e "s@%{buildroot}@@" > plugins.list +%if %{with bundle_libdb} +sed -i -e "/libback-bdb/d" plugins.list +%endif + # Copy in our docs from doxygen. -cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3 +cp -r %{_builddir}/%{name}-%{version}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3 # lib389 pushd src/lib389 -%py3_install +%pyproject_install +%pyproject_save_files -l lib389 popd +# Register CLI tools for bash completion +for clitool in dsconf dsctl dsidm dscreate ds-replcheck +do + register-python-argcomplete "${clitool}" > "${clitool}" + install -p -m 0644 -D -t '%{buildroot}%{bash_completions_dir}' "${clitool}" +done + mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname} mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname} -mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname} +mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname} \ + && chmod 770 $RPM_BUILD_ROOT/var/lock/%{pkgname} # for systemd mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants +install -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/389-ds-base.conf -# remove libtool archives and static libs +#remove libtool and static libs rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a @@ -399,17 +823,52 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.a rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.la -%if %{bundle_jemalloc} +%if %{with bundle_jemalloc} pushd ../%{jemalloc_name}-%{jemalloc_ver} make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin -cp -pa COPYING ../%{name}-%{version}%{?prerel}/COPYING.jemalloc -cp -pa README ../%{name}-%{version}%{?prerel}/README.jemalloc +cp -pa COPYING ../%{name}-%{version}/COPYING.jemalloc +cp -pa README ../%{name}-%{version}/README.jemalloc +popd +%endif + +%if %{with bundle_libdb} +pushd ../%{libdb_base_version} +libdbbuilddir=$PWD/BUILD/%{libdb_base_dir} +libdbdestdir=$PWD/../%{name}-%{version} +cp -pa $libdbbuilddir/LICENSE $libdbdestdir/LICENSE.libdb +cp -pa $libdbbuilddir/README $libdbdestdir/README.libdb +cp -pa $libdbbuilddir/lgpl-2.1.txt $libdbdestdir/lgpl-2.1.txt.libdb +cp -pa $libdbbuilddir/dist/dist-tls/.libs/%{libdb_bundle_name} $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/%{libdb_bundle_name} +popd +%endif + +%if %{with libbdb_ro} +pushd lib/librobdb +cp -pa COPYING %{_builddir}/%{name}-%{version}/COPYING.librobdb +cp -pa COPYING.RPM %{_builddir}/%{name}-%{version}/COPYING.RPM +install -m 0755 -d %{buildroot}/%{_libdir} +install -m 0755 -d %{buildroot}/%{_docdir}/%{name}-robdb-libs +install -m 0755 -d %{buildroot}/%{_licensedir}/%{name} +install -m 0755 -d %{buildroot}/%{_licensedir}/%{name}-robdb-libs +install -m 0644 $PWD/README.md %{buildroot}/%{_docdir}/%{name}-robdb-libs/README.md +install -m 0644 $PWD/COPYING %{buildroot}/%{_licensedir}/%{name}-robdb-libs/COPYING +install -m 0644 $PWD/COPYING.RPM %{buildroot}/%{_licensedir}/%{name}-robdb-libs/COPYING.RPM +install -m 0644 $PWD/COPYING %{buildroot}/%{_licensedir}/%{name}/COPYING.librobdb +install -m 0644 $PWD/COPYING.RPM %{buildroot}/%{_licensedir}/%{name}/COPYING.RPM popd %endif %check # This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build. +%if %{with tsan} +export TSAN_OPTIONS=print_stacktrace=1:second_deadlock_stack=1:history_size=7 +%endif +%if %{without asan} && %{without msan} if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi +%endif + +# Check import for lib389 modules +%pyproject_check_import -e '*.test*' %post if [ -n "$DEBUGPOSTTRANS" ] ; then @@ -419,26 +878,10 @@ else output=/dev/null output2=/dev/null fi + # reload to pick up any changes to systemd files /bin/systemctl daemon-reload >$output 2>&1 || : -# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation -# Soft static allocation for UID and GID -USERNAME="dirsrv" -ALLOCATED_UID=389 -GROUPNAME="dirsrv" -ALLOCATED_GID=389 -HOMEDIR="/usr/share/dirsrv" - -getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME -if ! getent passwd $USERNAME >/dev/null ; then - if ! getent passwd $ALLOCATED_UID >/dev/null ; then - /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME - else - /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME - fi -fi - # Reload our sysctl before we restart (if we can) sysctl --system &> $output; true @@ -499,8 +942,8 @@ fi exit 0 -%files -%if %{bundle_jemalloc} +%files -f plugins.list +%if %{with bundle_jemalloc} %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc %license COPYING.jemalloc %else @@ -511,6 +954,7 @@ exit 0 %config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif %dir %{_sysconfdir}/%{pkgname}/config %dir %{_sysconfdir}/systemd/system/%{groupname}.wants +%{_sysusersdir}/389-ds-base.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf %{_datadir}/%{pkgname} @@ -520,20 +964,23 @@ exit 0 %{_mandir}/man1/dbscan.1.gz %{_bindir}/ds-replcheck %{_mandir}/man1/ds-replcheck.1.gz +%{bash_completions_dir}/ds-replcheck %{_bindir}/ds-logpipe.py %{_mandir}/man1/ds-logpipe.py.1.gz %{_bindir}/ldclt %{_mandir}/man1/ldclt.1.gz %{_bindir}/logconv.pl %{_mandir}/man1/logconv.pl.1.gz +%{_bindir}/logconv.py +%{_mandir}/man1/logconv.py.1.gz %{_bindir}/pwdhash %{_mandir}/man1/pwdhash.1.gz -#%caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd %{_sbindir}/ns-slapd %{_mandir}/man8/ns-slapd.8.gz %{_sbindir}/openldap_to_ds %{_mandir}/man8/openldap_to_ds.8.gz %{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl +%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh %{_mandir}/man5/99user.ldif.5.gz %{_mandir}/man5/certmap.conf.5.gz %{_mandir}/man5/slapd-collations.conf.5.gz @@ -541,7 +988,6 @@ exit 0 %{_mandir}/man5/dirsrv.systemd.5.gz %{_libdir}/%{pkgname}/python %dir %{_libdir}/%{pkgname}/plugins -%{_libdir}/%{pkgname}/plugins/*.so # This has to be hardcoded to /lib - $libdir changes between lib/lib64, but # sysctl.d is always in /lib. %{_prefix}/lib/sysctl.d/* @@ -551,7 +997,7 @@ exit 0 %exclude %{_sbindir}/ldap-agent* %exclude %{_mandir}/man1/ldap-agent.1.gz %exclude %{_unitdir}/%{pkgname}-snmp.service -%if %{bundle_jemalloc} +%if %{with bundle_jemalloc} %{_libdir}/%{pkgname}/lib/ %{_libdir}/%{pkgname}/bin/ %exclude %{_libdir}/%{pkgname}/bin/jemalloc-config @@ -561,6 +1007,9 @@ exit 0 %exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a %exclude %{_libdir}/%{pkgname}/lib/pkgconfig %endif +%if %{with libbdb_ro} +%exclude %{_libdir}/%{pkgname}/librobdb.so +%endif %files devel %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel @@ -579,10 +1028,10 @@ exit 0 %dir %{_libdir}/%{pkgname} %{_libdir}/libsvrcore.so.* %{_libdir}/%{pkgname}/libslapd.so.* -%{_libdir}/%{pkgname}/libns-dshttpd-*.so +%{_libdir}/%{pkgname}/libns-dshttpd.so.* %{_libdir}/%{pkgname}/libldaputil.so.* %{_libdir}/%{pkgname}/librewriters.so* -%if %{bundle_jemalloc} +%if %{with bundle_jemalloc} %{_libdir}/%{pkgname}/lib/libjemalloc.so.2 %endif @@ -593,144 +1042,52 @@ exit 0 %{_mandir}/man1/ldap-agent.1.gz %{_unitdir}/%{pkgname}-snmp.service -%files -n python%{python3_pkgversion}-lib389 -%doc LICENSE LICENSE.GPLv3+ -%{python3_sitelib}/lib389* -%{_sbindir}/dsconf -%{_mandir}/man8/dsconf.8.gz -%{_sbindir}/dscreate -%{_mandir}/man8/dscreate.8.gz -%{_sbindir}/dsctl -%{_mandir}/man8/dsctl.8.gz -%{_sbindir}/dsidm -%{_mandir}/man8/dsidm.8.gz -%{_libexecdir}/%{pkgname}/dscontainer +%if %{with bundle_libdb} +%files bdb +%doc LICENSE LICENSE.GPLv3+ README.devel LICENSE.libdb README.libdb lgpl-2.1.txt.libdb +%{_libdir}/%{pkgname}/%{libdb_bundle_name} +%{_libdir}/%{pkgname}/plugins/libback-bdb.so +%endif -%if %{use_cockpit} +%files -n python%{python3_pkgversion}-lib389 -f %{pyproject_files} +%doc src/lib389/README.md +%license LICENSE LICENSE.GPLv3+ +# Binaries +%{_bindir}/dsconf +%{_bindir}/dscreate +%{_bindir}/dsctl +%{_bindir}/dsidm +%{_bindir}/openldap_to_ds +%{_libexecdir}/%{pkgname}/dscontainer +# Man pages +%{_mandir}/man8/dsconf.8.gz +%{_mandir}/man8/dscreate.8.gz +%{_mandir}/man8/dsctl.8.gz +%{_mandir}/man8/dsidm.8.gz +%{_mandir}/man8/openldap_to_ds.8.gz +%exclude %{_mandir}/man1 +# Bash completions for scripts provided by python3-lib389 +%{bash_completions_dir}/dsctl +%{bash_completions_dir}/dsconf +%{bash_completions_dir}/dscreate +%{bash_completions_dir}/dsidm + +%if %{with cockpit} %files -n cockpit-389-ds -f cockpit.list %{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml %doc README.md %endif +%if %{with libbdb_ro} +%files robdb-libs +%license COPYING.librobdb COPYING.RPM +%doc %{_defaultdocdir}/%{name}-robdb-libs/README.md +%{_libdir}/%{pkgname}/librobdb.so +%{_licensedir}/%{name}-robdb-libs/COPYING +%{_licensedir}/%{name}/COPYING.RPM +%{_licensedir}/%{name}/COPYING.librobdb + +%endif + %changelog -* Mon Jan 25 2021 Fedora Release Engineering - 2.0.2-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Thu Jan 14 2021 Mark Reynolds - 2.0.2-1 -- Bump version to 2.0.2 -- Issue 4539 - BUG - no such file if no overlays in openldap during migration (#4540) -- Issue 4528 - Fix cn=monitor SCOPE_ONE search (#4529) -- Issue 4535 - lib389 - healthcheck throws exception if backend is not replicated -- Issue 4537 - Use KRB5_CLIENT_KTNAME for client keytabs (#4523) -- Issue 4513 - CI Tests - fix test failures -- Issue 4504 - insure that repl_monitor_test use ldapi (for RHEL) - fix merge issue (#4533) -- Issue 4315 - performance search rate: nagle triggers high rate of setsocketopt -- Issue 4504 - pytest test_dsconf_replication_monitor fails on RHEL - Fix merging issue (#4530) -- Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL) (#4527) -- Issue 4506 - BUG - Fix bounds on fd table population (#4520) -- Issue 4521 - DS crash in deref plugin if dereferenced entry exists but is not returned by internal search (#4525) -- Issue 4219 - Log internal unindexed searches (notes=A) -- Issue 4384 - Separate eventq into REALTIME and MONOTONIC -- Issue 4381 - RFE - LDAPI authentication DN rewritter -- Issue 4513 - Fix schema test and lib389 task module (#4514) -- Issue 4414 - disk monitoring - prevent division by zero crash -- Issue 4517 - BUG: Multiple systemd pin warnings (#4518) -- Issue 4507 - Improve csngen testing task (#4508) -- Issue 4498 - BUG - entryuuid replication may not work (#4503) -- Issue 4480 - Unexpected info returned to ldap request (#4491) -- Issue 4504 - Fix pytest test_dsconf_replication_monitor (#4505) -- Issue 4373 - BUG - one line cleanup, free results in mt if ent 0 (#4502) -- Issue 4500 - Add cockpit enabling to dsctl -- Issue 4272 - RFE - add support for gost-yescrypt for hashing passwords (#4497) -- Issue 1795 - RFE - Enable logging for libldap and libber in error log (#4481) -- Issue 3522 - Remove DES to AES conversion code -- Issue 4492 - Changelog cache can upload updates from a wrong starting point (CSN) (#4493) -- Issue 4373 - BUG - calloc of size 0 in MT build (#4496) -- Issue 4483 - heap-use-after-free in slapi_be_getsuffix -- Issue 4486 - Remove random ldif file generation from import test (#4487) -- Issue 4224 - cleanup specfile after libsds removal -- Issue 4421 - Unable to build with Rust enabled in closed environment -- Issue 4489 - Remove return statement from a void function (#4490) -- Issue 4229 - RFE - Improve rust linking and build performance (#4474) -- Issue 4224 - openldap can become confused with entryuuid -- Issue 4313 - improve tests and improve readme re refdel -- Issue 4313 - fix potential syncrepl data corruption -- Issue 4419 - Warn users of skipped entries during ldif2db online import (#4476) -- Issue 4243 - Fix test (4th): SyncRepl plugin provides a wrong (#4475) -- Issue 4315 - performance search rate: nagle triggers high rate of setsocketopt (#4437) -- Issue 4460 - BUG - add machine name to subject alt names in SSCA (#4472) -- Issue 4446 - RFE - openldap password hashers -- Issue 4284 - dsidm fails to delete an organizationalUnit entry -- Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4466) (#4466) -- Issue 4464 - RFE - clang with ds+asan+rust -- Issue 4105 - Remove python.six (fix regression) -- Issue 4384 - Use MONOTONIC clock for all timing events and conditions -- Issue 4418 - ldif2db - offline. Warn the user of skipped entries -- Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4467) -- Issue 4460 - BUG - lib389 should use system tls policy -- Issue 3657 - Add options to dsctl for dsrc file -- Issue 4454 - RFE - fix version numbers to allow object caching -- Issue 3986 - UI - Handle objectclasses that do not have X-ORIGIN set -- Issue 4297 - 2nd fix for on ADD replication URP issue internal searches with filter containing unescaped chars (#4439) -- Issue 4112 - Added a CI test (#4441) -- Issue 4449 - dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) (#4451) -- Issue 4105 - Remove python.six from lib389 (#4456) -- Issue 4440 - BUG - ldifgen with --start-idx option fails with unsupported operand (#4444) -- Issue 4410 - RFE - ndn cache with arc in rust -- Issue 4373 - BUG - Mapping Tree nodes can be created that are invalid -- Issue 4428 - BUG Paged Results with critical false causes sigsegv in chaining -- Issue 4428 - Paged Results with Chaining Test Case -- Issue 2054 - do not add referrals for masters with different data generation -- Issue 4383 - Do not normalize escaped spaces in a DN -- Issue 4432 - After a failed online import the next imports are very slow -- Issue 4316 - performance search rate: useless poll on network send callback (#4424) -- Issue 4281 - dsidm user status fails with Error: 'nsUserAccount' object has no attribute 'is_locked' -- Issue 4429 - NULL dereference in revert_cache() -- Issue 4412 - Fix CLI repl-agmt requirement for parameters (#4422) -- Issue 4407 - RFE - remove http client and presence plugin (#4409) -- Issue 4398 - build problems at alpine linux -- Issue 4415 - unable to query schema if there are extra parenthesis - -* Thu Oct 29 2020 Mark Reynolds - 2.0.1-1 -- Bump version to 2.0.1 -- Issue 4420 - change NVR to use X.X.X instead of X.X.X.X -- Issue 4391 - DSE config modify does not call be_postop (#4394) -- Issue 4218 - Verify the new wtime and optime access log keywords (#4397) -- Issue 4176 - CL trimming causes high CPU -- Issue 2058 - Add keep alive entry after on-line initialization - second version (#4399) -- Issue 4403 - RFE - OpenLDAP pw hash migration tests (#4408) - -* Wed Oct 28 2020 Mark Reynolds - 1.4.5.0-1 -- Bump version to 1.4.5.0 -- Issue 4262 - more perl removal cleanup -- Issue 2526 - retrocl backend created out of order - -* Mon Oct 26 2020 Mark Reynolds - 1.4.4.6-1 -- Bump version to 1.4.4.6 -- Issue 4262 - Remove legacy tools subpackage (final cleanup) -- Issue 4262 - Remove legacy tools subpackage (restart instances after rpm install) -- Issue 4262 - Remove legacy tools subpackage -- Issue 2526 - revert API change in slapi_be_getsuffix() -- Issue 4363 - Sync repl: per thread structure was incorrectly initialized (#4395) -- Issue 4392 - Update create_test.py -- Issue 2820 - Fix CI tests (#4365) -- Issue 2526 - suffix management in backends incorrect -- Issue 4389 - errors log with incorrectly formatted message parent_update_on_childchange -- Issue 4295 - Fix a closing quote issue (#4386) -- Issue 1199 - Misleading message in access log for idle timeout (#4385) -- Issue 3600 - RFE - openldap migration tooling (#4318) -- Issue 4176 - import ldif2cl task should not close all changelogs -- Issue 4159 - Healthcheck code DSBLE0002 not returned on disabled suffix -- Issue 4379 - allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service (#4380) -- Issue 4329 - Sync repl - if a serie of updates target the same entry then the cookie get wrong changenumber (#4356) -- Issue 3555 - Fix npm audit issues (#4370) -- Issue 4372 - BUG - Chaining DB did not validate bind mech parameters (#4374) -- Issue 4334 - RFE - Task timeout may cause larger dataset imports to fail (#4359) -- Issue 4361 - RFE - add - dscreate --advanced flag to avoid user confusion -- Issue 4368 - ds-replcheck crashes when processing glue entries -- Issue 4366 - lib389 - Fix account status inactivity checks -- Issue 4265 - UI - Make the secondary plugins read-only (#4364) -- Issue 4360 - password policy max sequence sets is not working as expected -- Issue 4348 - Add tests for dsidm -- Issue 4350 - One line, fix invalid type error in tls_cacertdir check (#4358) - +%autochangelog diff --git a/389-ds-base.sysusers b/389-ds-base.sysusers new file mode 100644 index 0000000..32a3452 --- /dev/null +++ b/389-ds-base.sysusers @@ -0,0 +1,3 @@ +#Type Name ID GECOS Home directory Shell +g dirsrv 389 +u dirsrv 389:389 "user for 389-ds-base" /usr/share/dirsrv/ /sbin/nologin diff --git a/changelog b/changelog new file mode 100644 index 0000000..4500dfa --- /dev/null +++ b/changelog @@ -0,0 +1,513 @@ +* Tue May 14 2024 James Chapman - 3.1.0-1 +- Bump version to 3.1.0 +- Issue 6142 - Fix CI tests (#6161) +- Issue 6157 - Cockipt crashes when getting replication status if topology contains an old 389ds version (#6158) +- Issue 5105 - lmdb - Cannot create entries with long rdn - fix covscan (#6131) +- Issue 6086 - Ambiguous warning about SELinux in dscreate for non-root user +- Issue 6094 - Add coverity scan workflow +- Issue 5962 - Rearrange includes for 32-bit support logic +- Issue 6046 - Make dscreate to work during kickstart installations +- Issue 6073 - Improve error log when running out of memory (#6084) +- Issue 6071 - Instance creation/removal is slow +- Issue 6010 - 389 ds ignores nsslapd-maxdescriptors (#6027) +- Issue 6075 - Ignore build artifacts (#6076) +- Issue 6068 - Add dscontainer stop function + +* Mon Apr 15 2024 James Chapman - 3.0.2-1 +- Bump version to 3.0.2 +- Issue 6082 - Remove explicit dependencies toward libdb - revert default (#6145) +- Issue 6142 - [RFE] Add LMDB configuration related checks into Healthcheck tool (#6143) +- Issue 6141 - freeipa test_topology_TestCASpecificRUVs is failing (#6144) +- Issue 6136 - failure in freeipa tests (#6137) +- Issue 6119 - Synchronise accept_thread with slapd_daemon (#6120) +- Issue 6105 - lmdb - Cannot create entries with long rdn (#6130) +- Issue 6082 - Remove explicit dependencies toward libdb (#6083) +- Issue i6057 - Fix3 - Fix covscan issues (#6127) +- Issue 6057 - vlv search may result wrong result with lmdb - Fix 2 (#6121) +- Issue 6057 - vlv search may result wrong result with lmdb (#6091) +- Issue 6092 - passwordHistory is not updated with a pre-hashed password (#6093) +- Issue 6133 - Move slapi_pblock_set_flag_operation_notes() to slapi-plugin.h +- Issue 6125 - dscreate interactive fails when chosing mdb backend (#6126) +- Issue 6110 - Typo in Account Policy plugin message +- Issue 6080 - ns-slapd crash in referint_get_config (#6081) +- Issue 6117 - Fix the UTC offset print (#6118) +- Issue 5305 - OpenLDAP version autodetection doesn't work +- Issue 6112 - RFE - add new operation note for MFA authentications +- Issue 5842 - Add log buffering to audit log +- Issue 3527 - Support HAProxy and Instance on the same machine configuration (#6107) +- Issue 6103 - New connection timeout error breaks errormap (#6104) +- Issue 6096 - Improve connection timeout error logging (#6097) +- Issue 6067 - Improve dsidm CLI No Such Entry handling (#6079) +- Issue 6067 - Add hidden -v and -j options to each CLI subcommand (#6088) +- Issue 6061 - Certificate lifetime displayed as NaN + +* Wed Jan 31 2024 Pete Walter - 3.0.1-2 +- Rebuild for ICU 74 + +* Tue Jan 30 2024 Simon Pichugin - 3.0.1-1 +- Bump version to 3.0.1 +- Issue 6043, 6044 - Enhance Rust and JS bundling and add SPDX licenses for both (#6045) +- Issue 3555 - Remove audit-ci from dependencies (#6056) +- Issue 6052 - Paged results test sets hostname to `localhost` on test collection +- Issue 6051 - Drop unused pytest markers +- Issue 6049 - lmdb - changelog is wrongly recreated by reindex task (#6050) +- Issue 6047 - Add a check for tagged commits +- Issue 6041 - dscreate ds-root - accepts relative path (#6042) +- Switch default backend to lmdb and bump version to 3.0 (#6013) +- Issue 6032 - Replication broken after backup restore (#6035) +- Issue 6037 - Server crash at startup in vlvIndex_delete (#6038) +- Issue 6034 - Change replica_id from str to int +- Issue 6028 - vlv index keys inconsistencies (#6031) +- Issue 5989 - RFE support of inChain Matching Rule (#5990) +- Issue 6022 - lmdb inconsistency between vlv index and vlv cache names (#6026) +- Issue 6015 - Fix typo remeber (#6014) +- Issue 6016 - Pin upload/download artifacts action to v3 +- Issue 5939 - During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it (#6007) +- Issue 4673 - Update Rust crates +- Issue 6004 - idletimeout may be ignored (#6005) +- Issue 5954 - Disable Transparent Huge Pages +- Issue 5997 - test_inactivty_and_expiration CI testcase is wrong (#5999) +- Issue 5993 - Fix several race condition around CI tests (#5996) +- Issue 5944 - Reversion of the entry cache should be limited to BETXN plugin failures (#5994) +- Bump openssl from 0.10.55 to 0.10.60 in /src (#5995) +- Issue 5980 - Improve instance startup failure handling (#5991) +- Issue 5976 - Fix freeipa install regression with lmdb (#5977) +- Issue 5984 - Crash when paged result search are abandoned - fix2 (#5987) +- Issue 5984 - Crash when paged result search are abandoned (#5985) +- Issue 5947 - CI test_vlv_recreation_reindex fails on LMDB (#5979) + +* Mon Jan 29 2024 Fedora Release Engineering - 2.4.5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Jan 22 2024 Fedora Release Engineering - 2.4.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 2.4.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jan 18 2024 Fedora Release Engineering - 2.4.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jan 18 2024 Viktor Ashirov - 2.4.5-1 +- Bump version to 2.4.5 +- Issue 5989 - RFE support of inChain Matching Rule (#5990) +- Issue 5939 - During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it (#6007) +- Issue 5944 - Reversion of the entry cache should be limited to BETXN plugin failures (#5994) +- Issue 5954 - Disable Transparent Huge Pages +- Issue 5984 - Crash when paged result search are abandoned - fix2 (#5987) +- Issue 5984 - Crash when paged result search are abandoned (#5985) + +* Wed Nov 15 2023 James Chapman - 2.4.4 +- Bump version to 2.4.4 +- Issue 5971 - CLI - Fix password prompt for repl status (#5972) +- Issue 5973 - Fix fedora cop RawHide builds (#5974) +- Revert "Issue 5761 - Worker thread dynamic management (#5796)" (#5970) +- Issue 5966 - CLI - Custom schema object is removed on a failed edit (#5967) +- Issue 5786 - Update permissions for Release workflow +- Issue 5960 - Subpackages should have more strict interdependencies +- Issue 3555 - UI - Fix audit issue with npm - babel/traverse (#5959) +- Issue 4843 - Fix dscreate create-template issue (#5950) +- bugfix for --passwd-file not working on latest version (#5934) +- Issue 5843 - dsconf / dscreate should be able to handle lmdb parameters (#5943) +- Bump postcss from 8.4.24 to 8.4.31 in /src/cockpit/389-console (#5945) +- Issue 5938 - Attribute Names changed to lowercase after adding the Attributes (#5940) +- issue 5924 - ASAN server build crash when looping opening/closing connections (#5926) +- Issue 1925 - Add a CI test (#5936) +- Issue 5732 - Localizing Cockpit's 389ds Plugin using CockpitPoPlugin (#5764) +- Issue 1870 - Add a CI test (#5929) +- Issue 843 - Add a warning to slapi_valueset_add_value_ext (#5925) +- Issue 5761 - Worker thread dynamic management (#5796) +- Issue 1802 - Improve ldclt man page (#5928) +- Issue 1456 - Add a CI test that verifies there is no issue (#5927) +- Issue 1317 - Add a CI test (#5923) +- Issue 1081 - CI - Add more tests for overwriting x-origin issue (#5815) +- Issue 1115 - Add a CI test (#5913) +- Issue 5848 - Fix condition and add a CI test (#5916) +- Issue 5848 - Fix condition and add a CI test (#5916) +- Issue 5914 - UI - server settings page validation improvements and db index fixes +- Issue 5909 - Multi listener hang with 20k connections (#5917) +- Issue 5902 - Fix previous commit regression (#5919) +- pass instance correctly to ds_is_older (#5903) +- Issue 5909 - Multi listener hang with 20k connections (#5910) +- Issue 5722 - improve testcase (#5904) +- Issue 5203 - outdated version in provided metadata for lib389 +- Bug Description: +- issue 5890 part 2 - Need a tester for testing multiple listening thread feature (#5897) +- Issue i5846 - Crash when lmdb import is aborted (#5881) +- Issue 5894 - lmdb import error fails with Could not store the entry (#5895) +- Issue 5890 - Need a tester for testing multiple listening thread feature (#5891) +- Issue 5082 - slugify: ModuleNotFoundError when running test cases +- Issue 4551 - Part 2 - Fix build warning of previous PR (#5888) +- Issue 5834 - AccountPolicyPlugin erroring for some users (#5866) +- Issue 5872 - part 2 - fix is_dbi regression (#5887) +- Issue 4758 - Add tests for WebUI +- Issue 5848 - dsconf should prevent setting the replicaID for hub and consumer roles (#5849) +- Issue 5883 - Remove connection mutex contention risk on autobind (#5886) +- Issue 5872 - `dbscan()` in lib389 can return bytes + +* Thu Aug 3 2023 Mark Reynolds - 2.4.3-1 +- Bump version to 2.4.3-1 +- Issue 5729 - Memory leak in factory_create_extension (#5814) +- Issue 5870 - ns-slapd crashes at startup if a backend has no suffix (#5871) +- Issue 5876 - CI Test random failure - Import (#5879) +- Issue 5877 - test_basic_ldapagent breaks test_setup_ds_as_non_root* tests +- Issue 5867 - lib389 should use filter for tarfile as recommended by PEP 706 (#5868) +- Issue 5853 - Update Cargo.lock and fix minor warning (#5854) +- Issue 5785 - CLI - arg completion is broken +- Issue 5864 - Server fails to start after reboot because it's unable to access nsslapd-rundir +- Issue 5856 - SyntaxWarning: invalid escape sequence '\,' +- Issue 5859 - dbscan fails with AttributeError: 'list' object has no attribute 'extends' +- Issue 3527 - UI - Add nsslapd-haproxy-trusted-ip to server setting (#5839) +- Issue 4551 - Paged search impacts performance (#5838) +- Issue 4758 - Add tests for WebUI +- Issue 4169 - UI - Fix retrochangelog and schema Typeaheads (#5837) +- issue 5833 - dsconf monitor backend fails on lmdb (#5835) +- Issue 3555 - UI - Fix audit issue with npm - stylelint (#5836) + +* Mon Jul 24 2023 Mark Reynolds - 2.4.2-5 +- Bump version to 2.4.2-5 +- Add the bash completion scripts to the appropriate files section + +* Wed Jul 19 2023 Fedora Release Engineering - 2.4.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Tue Jul 11 2023 FrantiĊĦek Zatloukal - 2.4.2-3 +- Rebuilt for ICU 73.2 + +* Mon Jul 10 2023 Mark Reynolds - 2.4.2-2 +- Bump version to 2.4.2-2 +- Issue 5752 - RFE - Provide a history for LastLoginTime (#5807) += Issue 4719 - CI - Add dsconf add a PTA URL test + +* Fri Jul 7 2023 Mark Reynolds - 2.4.2-1 +- Bump version to 2.4.2 +- Issue 5793 - UI - fix suffix selection in export modal +- Issue 5793 - UI - Fix minor crashes (#5827) +- Issue 5825 - healthcheck - password storage scheme warning needs more info +- Issue 5822 - Allow empty export path for db2ldif +- Issue 5755 - Massive memory leaking on update operations (#5824) +- Issue 5701 - CI - Add more tests for referral mode fix (#5810) +- Issue 5551 - Almost empty and not loaded ns-slapd high cpu load +- Issue 5755 - The Massive memory leaking on update operations (#5803) +- Issue 2375 - CLI - Healthcheck - revise and add new checks +- Bump openssl from 0.10.52 to 0.10.55 in /src +- Issue 5793 - UI - movce from webpack to esbuild bundler +- Issue 5752 - CI - Add more tests for lastLoginHistorySize RFE (#5802) +- Issue 3527 - Fix HAProxy x390x compatibility and compiler warnings (#5801) +- Issue 5798 - CLI - Add multi-valued support to dsconf config (#5799) +- Issue 5781 - Bug handling return code of pre-extended operation plugin. +- Issue 5785 - move bash completion to post section of specfile +- Issue 5156 - (cont) RFE slapi_memberof reusing memberof values (#5744) +- Issue 4758 - Add tests for WebUI +- Issue 3527 - Add PROXY protocol support (#5762) +- Issue 5789 - Improve ds-replcheck error handling +- Issue 5786 - CLI - registers tools for bash completion +- Issue 5786 - Set minimal permissions on GitHub Workflows (#5787) +- Issue 5646 - Various memory leaks (#5725) +- Issue 5778 - UI - Remove error message if .dsrc is missing +- Issue 5751 - Cleanallruv task crashes on consumer (#5775) + +* Wed Jun 28 2023 Python Maint - 2.4.1-2 +- Rebuilt for Python 3.12 + +* Thu May 18 2023 Mark Reynolds - 2.4.1-1 +- Bump version to 2.4.1 +- Issue 5770 - RFE - Extend Password Adminstrators to allow skipping password info updates +- Issue 5768 - CLI/UI - cert checks are too strict, and other issues +- Issue 5722 - fix compilation warnings (#5771) +- Issue 5765 - Improve installer selinux handling +- Issue 152 - RFE - Add support for LDAP alias entries +- Issue 5052 - BUG - Custom filters prevented entry deletion (#5060) +- Issue 5752 - RFE - Provide a history for LastLoginTime (#5753) +- Issue 5722 - RFE When a filter contains 'nsrole', improve response time by rewriting the filter (#5723) +- Issue 5704 - crash in sync_refresh_initial_content (#5720) +- Issue 5738 - RFE - UI - Read/write replication monitor info to .dsrc file +- Issue 5156 - build warnings (#5758) +- Issue 5749 - RFE - Allow Account Policy Plugin to handle inactivity and expiration at the same time +- Issue 5743 - Disabling replica crashes the server (#5746) +- Issue 2562 - Copy config files into backup directory +- Issue 5156 - fix build breakage from slapi-memberof commit +- Issue 4758 - Add tests for WebUI + +* Tue Apr 25 2023 Mark Reynolds - 2.4.0-1 +- Bump version to 2.4.0 +- Issue 5156 - RFE that implement slapi_memberof (#5694) +- Issue 5734 - RFE - Exclude pwdFailureTime and ContextCSN (#5735) +- Issue 5726 - ns-slapd crashing in ldbm_back_upgradednformat (#5727) +- Issue 4758 - Add tests for WebUI +- Issue 5718 - Memory leak in connection table (#5719) +- Issue 5705 - Add config parameter to close client conns on failed bind (#5712) +- Issue 4758 - Add tests for WebUI +- Issue 5643 - Memory leak in entryrdn during delete (#5717) +- Issue 5714 - UI - fix typo, db settings, log settings, and LDAP editor paginations +- Issue 5701 - CLI - Fix referral mode setting (#5708) +- Bump openssl from 0.10.45 to 0.10.48 in /src (#5709) +- Issue 5710 - subtree search statistics for index lookup does not report ancestorid/entryrdn lookups (#5711) +- Issue 5697 - Obsolete nsslapd-ldapimaprootdn attribute (#5698) +- Issue 1081 - Stop schema replication from overwriting x-origin +- Issue 4812 - Listener thread does not scale with a high num of established connections (#5706) +- Issue 4812 - Listener thread does not scale with a high num of established connections (#5681) +- Bump webpack from 5.75.0 to 5.76.0 in /src/cockpit/389-console (#5699) +- Issue 5598 - (3rd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5692) +- Issue 5598 - (2nd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5691) +- Issue 5687 - UI - sensitive information disclosure +- Issue 5661 - LMDB hangs while Rebuilding the replication changelog RUV (#5676) +- Issue 5554 - Add more tests to security_basic_test suite +- Issue 4583 - Update specfile to skip checks of ASAN builds +- Issue 4758 - Add tests for WebUI +- Issue 3604 - UI - Add support for Subject Alternative Names in CSR +- Issue 5600 - buffer overflow when enabling sync repl plugin when dynamic plugins is enabled +- Issue 5640 - Update logconv for new logging format +- Issue 5162 - CI - fix error message for invalid pem file +- Issue 5598 - In 2.x, SRCH throughput drops by 10% because of handling of referral (#5604) +- Issue 5671 - covscan - clang warning (#5672) +- Issue 5267 - CI - Fix issues with nsslapd-return-original-entrydn +- Issue 5666 - CLI - Add timeout parameter for tasks +- Issue 5567 - CLI - make ldifgen use the same default ldif name for all options +- Issue 5647 - Fix unused variable warning from previous commit (#5670) +- Issue 5162 - Lib389 - verify certificate type before adding +- Issue 5642 - Build fails against setuptools 67.0.0 +- Issue 5630 - CLI - need to add logging filter for stdout +- Issue 5646 - CLI/UI - do not hardcode password storage schemes +- Issue 5640 - Update logconv for new logging format +- issue 5647 - covscan: memory leak in audit log when adding entries (#5650) +- Issue 5658 - CLI - unable to add attribute with matching rule +- Issue 5653 - covscan - fix invalid dereference +- Issue 5652 - Libasan crash in replication/cascading_test (#5659) +- Issue 5628 - Handle graceful timeout in CI tests (#5657) +- Issue 5648 - Covscan - Compiler warnings (#5651) +- Issue 5630 - CLI - error messages should goto stderr +- Issue 2435 - RFE - Raise IDL Scan Limit to INT_MAX (#5639) +- Issue 5632 - CLI - improve error handling with db2ldif +- Issue 5517 - Replication conflict CI test sometime fails (#5518) +- Issue 5634 - Deprecated warning related to github action workflow code (#5635) +- Issue 5637 - Covscan - fix Buffer Overflows (#5638) +- Issue 5624 - RFE - UI - export certificates, and import text base64 encoded certificates +- Bump tokio from 1.24.1 to 1.25.0 in /src (#5629) +- Issue 4577 - Add LMDB pytest github action (#5627) +- Issue 4293 - RFE - CLI - add dsrc options for setting user and group subtrees +- Remove stale libevent(-devel) dependency +- Issue 5578 - dscreate ds-root does not normaile paths (#5613) +- Issue 5497 - boolean attributes should be case insensitive + +* Fri Mar 31 2023 Viktor Ashirov - 2.3.2-3 +- Fix build issue against setuptools 67.0.0 (#2183375) + +* Tue Feb 28 2023 Simon Pichugin - 2.3.2-2 +- Use systemd-sysusers for dirsrv user and group (#2173834) + +* Mon Jan 23 2023 Mark Reynolds - 2.3.2-1 +- Bump version to 2.3.2 +- Issue 5547 - automember plugin improvements +- Issue 5607, 5351, 5611 - UI/CLI - fix various issues +- Issue 5610 - Build failure on Debian +- Issue 5608 - UI - need to replace some "const" with "let" +- Issue 5560 - dscreate run by non superuser set defaults requiring superuser privilege (#5579) +- Issue 3604 - Create a private key/CSR with dsconf/Cockpit (#5584) +- Issue 5605 - Adding a slapi_log_backtrace function in libslapd (#5606) +- Issue 5602 - UI - browser crash when trying to modify read-only variable +- Issue 5581 - UI - Support cockpit dark theme +- Issue 5593 - CLI - dsidm account subtree-status fails with TypeError +- Issue 5591 - BUG - Segfault in cl5configtrim with invalid confi (#5592) +- Fix latest npm audit failures +- Issue 5599 - CI - webui tests randomly fail +- Issue 5348 - RFE - CLI - add functionality to do bulk updates to entries +- Issue 5588 - Fix CI tests +- Issue 5585 - lib389 password policy DN handling is incorrect (#5587) +- Issue 5521 - UI - Update plugins for new split PAM and LDAP pass thru auth +- Bump json5 from 2.2.1 to 2.2.3 in /src/cockpit/389-console +- Issue 5236 - UI add specialized group edit modal +- Issue 5550 - dsconf monitor crashes with Error math domain error (#5553) +- Issue 5278 - CLI - dsidm asks for the old password on password reset +- Issue 5531 - CI - use universal_lines in capture_output +- Issue 5425 - CLI - add confirmation arg when deleting backend +- Issue 5558 - non-root instance fails to start on creation (#5559) +- Issue 5545 - A random crash in import over lmdb (#5546) +- Issue 3615 - CLI - prevent virtual attribute indexing +- Update specfile and rust crates +- Issue 5413 - Allow mutliple MemberOf fixup tasks with different bases/filters +- Issue 5554 - Add more tests to security_basic_test suite (#5555) +- Issue 5561 - Nightly tests are failing +- Issue 5521 - RFE - split pass through auth cli +- Issue 5521 - BUG - Pam PTA multiple issues +- Issue 5544 - Increase default task TTL +- Issue 5526 - RFE - Improve saslauthd migration options (#5528) +- Issue 5539 - Make logger's parameter name unified (#5540) +- Issue 5541 - Fix typo in `lib389.cli_conf.backend._get_backend` (#5542) +- Issue 3729 - (cont) RFE Extend log of operations statistics in access log (#5538) +- Issue 5534 - Fix a rebase typo (#5537) +- Issue 5534 - Add copyright text to the repository files + +* Wed Jan 18 2023 Fedora Release Engineering - 2.3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Sat Dec 31 2022 Pete Walter - 2.3.1-2 +- Rebuild for ICU 72 + +* Fri Nov 18 2022 Mark Reynolds - 2.3.1-1 +- Bump version to 2.3.1 +- Issue 5532 - Make db compaction TOD day more robust. +- Issue 3729 - RFE Extend log of operations statistics in access log (#5508) +- Issue 5529 - UI - Fix npm vulnerability in loader-utils +- Issue 5490 - tombstone in entryrdn index with lmdb but not with bdb (#5498) +- Issue 5162 - Fix dsctl tls ca-certfiicate add-cert arg requirement +- Issue 5510 - remove twalk_r dependency to build on RHEL8 (#5516) +- Issue 5162 - RFE - CLI allow adding CA certificate bundles +- Issue 5440 - memberof is slow on update/fixup if there are several 'groupattr' (#5455) +- Issue 5512 - BUG - skip pwdPolicyChecker OC in migration (#5513) +- Issue 3555 - UI - fix audit issue with npm loader-utils (#5514) +- Issue 5505 - Fix compiler warning (#5506) +- Issue 5469 - Increase the default value of nsslapd-conntablesize (#5472) +- Issue 5408 - lmdb import is slow (#5481) +- Issue 5429 - healthcheck - add checks for MemberOf group attrs being indexed +- Issue 5502 - RFE - Add option to display entry attributes in audit log +- Issue 5495 - BUG - Minor fix to dds skip, inconsistent attrs caused errors (#5501) +- Issue 5367 - RFE - store full DN in database record +- Issue 5495 - RFE - skip dds during migration. (#5496) +- Issue 5491 - UI - Add rework and finish jpegPhoto functionality (#5492) +- Issue 5368 - Retro Changelog trimming does not work (#5486) +- Issue 5487 - Fix various issues with logconv.pl +- Issue 5476 - RFE - add memberUid read aci by default (#5477) +- Issue 5482 - lib389 - Can not enable replication with a mixed case suffix +- Issue 5478 - Random crash in connection code during server shutdown (#5479) +- Issue 3061 - RFE - Add password policy debug log level +- Issue 5302 - Release tarballs don't contain cockpit webapp +- Issue 5262 - high contention in find_entry_internal_dn on mixed load (#5264) +- Issue 4324 - Revert recursive pthread mutex change (#5463) +- Issue 5462 - RFE - add missing default indexes (#5464) +- Issue 5465 - Fix dbscan linking (#5466) +- Issue 5271 - Serialization of pam_passthrough causing high etimes (#5272) +- Issue 5453 - UI/CLI - Changing Root DN breaks UI +- Issue 5446 - Fix some covscan issues (#5451) +- Issue 4308 - checking if an entry is a referral is expensive +- Issue 5447 - UI - add NDN max cache size to UI +- Issue 5443 - UI - disable save button while saving +- Issue 5413 - Allow only one MemberOf fixup task at a time +- Issue 4592 - dscreate error with custom dir_path (#5434) +- Issue 5158 - entryuuid fixup tasks fails in replicated topology (#5439) + +* Tue Sep 20 2022 Mark Reynolds - 2.3.0-2 +- Bump version to 2.3.0-2 +- Update old pcre-devel requirement to pcre2-devel + +* Thu Sep 1 2022 Mark Reynolds - 2.3.0-1 +- Bump version to 2.3.0 +- Issue 5012 - Migrate pcre to pcre2 - remove match limit +- Issue 5356 - Make Rust non-optional and update default password storage scheme +- Issue 5012 - Migrate pcre to pcre2 +- Issue 5428 - Fix regression with nscpEntryWsi computation +- Fix missing 'not' in description (closes #5423) (#5424) +- Issue 5421 - CI - makes replication/acceptance_test.py::test_modify_entry more robust (#5422) +- Issue 3903 - fix repl keep alive event interval +- Issue 5418 - Sync_repl may crash while managing invalid cookie (#5420) +- Issue 5415 - Hostname when set to localhost causing failures in other tests +- Issue 5412 - lib389 - do not set backend name to lowercase +- Issue 5407 - sync_repl crashes if enabled while dynamic plugin is enabled (#5411) +- Issue 5385 - LMDB - import crash in rdncache_add_elem (#5406) +- Issue 5403 - Memory leak in conntection table mulit list (#5404) +- Issue 3903 - keep alive update event starts too soon +- Issue 5397 - Fix various memory leaks +- Issue 5399 - UI - LDAP Editor is not updated when we switch instances (#5400) +- Issue 3903 - Supplier should do periodic updates +- Issue 5377 - Code cleanup: Fix Covscan invalid reference (#5393) +- Issue 5394 - configure doesn't check for lmdb and json-c +- Issue 5392 - dscreate fails when using alternative ports in the SELinux hi_reserved_port_t label range +- Issue 5386 - BUG - Update sudoers schema to correctly support UTF-8 (#5387) +- Issue 5388 - fix use-after-free and deadcode +- Issue 5383 - UI - Various fixes and RFE's for UI +- Issue 4656 - Remove problematic language from source code +- Issue 5380 - Separate cleanAllRUV code into new file +- Issue 5322 - optime & wtime on rejected connections is not properly set +- Issue 5335 - RFE - Add Security Audit Log +- Issue 5375 - CI - disable TLS hostname checking +- Issue 981 - Managed Entries betxnpreoperation - transaction not aborted on managed entry failure (#5369) +- Issue 5373 - dsidm user get_dn fails with search_ext() argument 1 must be str, not function +- Issue 5371 - Update npm and cargo packages +- Issue 3069 - Support ECDSA private keys for TLS (#5365) +- Issue 5290 - Importing certificate chain files via "import-server-key-cert" no longer works (#5293) + +* Mon Aug 01 2022 Frantisek Zatloukal - 2.2.2-3 +- Rebuilt for ICU 71.1 + +* Wed Jul 20 2022 Fedora Release Engineering - 2.2.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Tue Jul 5 2022 Mark Reynolds - 2.2.2-1 +- Bump version to 2.2.2 +- Issue 5221 - fix covscan (#5359) +- Issue 5294 - Report Portal 5 is not processing an XML file with (#5358) +- Issue 5353 - CLI - dsconf backend export breaks with multiple backends +- Issue 5346 - New connection table fails with ASAN failures (#5350) +- Issue 5345 - BUG - openldap migration fails when ppolicy is active (#5347) +- Issue 5323 - BUG - improve skipping of monitor db (#5340) +- Issue 5329 - Improve replication extended op logging +- Issue 5343 - Various improvements to winsync +- Issue 4932 - CLI - add parser aliases to long arg names +- Issue 5332 - BUG - normalise filter as intended +- Issue 5327 - Validate test metadata +- Issue 4812 - Scalability with high number of connections (#5090) +- Issue 4348 - Add tests for dsidm +- Issue 5333 - 389-ds-base fails to build with Python 3.11 + +* Thu Jun 16 2022 Python Maint - 2.2.1-4 +- Rebuilt for Python 3.11 + +* Wed Jun 15 2022 Mark Reynolds - 2.2.1-3 +- Bump version to 2.2.1-3 +- Issue 5332 - BUG - normalise filter as intended +- Issue 5327 - Validate test metadata +- Issue 4348 - Add tests for dsidm +- Bump crossbeam-utils from 0.8.6 to 0.8.8 in /src +- Issue 5333 - 389-ds-base fails to build with Python 3.11 + +* Mon Jun 13 2022 Python Maint - 2.2.1-2 +- Rebuilt for Python 3.11 + +* Fri Jun 3 2022 Mark Reynolds - 2.2.1-1 +- Bump version to 2.2.1 +- Issue 5323 - BUG - Fix issue in mdb tests with monitor (#5326) +- Issue 5170 - BUG - incorrect behaviour of filter test (#5315) +- Issue 5324 - plugin acceptance test needs hardening +- Issue 5319 - dsctl_tls_test.py fails with openssl-3.x +- Issue 5323 - BUG - migrating database for monitoring interface lead to crash (#5321) +- Issue 5304 - Need a compatibility option about sub suffix handling (#5310) +- Issue 5313 - dbgen test uses deprecated -h HOST and -p PORT options for ldapmodify +- Issue 5311 - Missing Requires for acl in the spec file +- Issue 5305 - OpenLDAP version autodetection doesn't work +- Issue 5307 - VERSION_PREREL is not set correctly in CI builds +- Issue 5302 - Release tarballs don't contain cockpit webapp +- Issue 5170 - RFE - improve filter logging to assist debugging (#5301) +- Issue 5299 - jemalloc 5.3 released +- Issue 5175 - Remove stale zlib-devel dependency declaration (#5173) +- Issue 5294 - Report Portal 5 is not processing test results XML file +- Issue 5170 - BUG - ldapsubentries were incorrectly returned (#5285) +- Issue 5291 - Harden ReplicationManager.wait_for_replication (#5292) +- Issue 379 - RFE - Compress rotated logs (fix linker) +- Issue 379 - RFE - Compress rotated logs +- Issue 5281 - HIGH - basic test does not run +- Issue 5284 - Replication broken after password change (#5286) +- Issue 5279 - dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int' +- Issue 5170 - RFE - Filter optimiser (#5171) +- Issue 5276 - CLI - improve task handling +- Issue 5126 - Memory leak in slapi_ldap_get_lderrno (#5153) +- Issue 3 - ansible-ds - Prefix handling fix (#5275) +- Issue 5273 - CLI - add arg completer for instance name +- Issue 2893 - CLI - dscreate - add options for setting up replication +- Issue 4866 - CLI - when enabling replication set changelog trimming by default +- Issue 5241 - UI - Add account locking missing functionality (#5251) +- Issue 5180 - snmp_collator tries to unlock NULL mutex (#5266) +- Issue 4904 - Fix various small issues +- lib389 prerequisite for ansible-ds (#5253) +- Issue 5260 - BUG - OpenLDAP allows multiple names of memberof overlay (#5261) +- Issue 5252 - During DEL, vlv search can erroneously return NULL candidate (#5256) +- Issue 5254 - dscreate create-template regression due to 5a3bdc336 (#5255) +- Issue 5210 - Python undefined names in lib389 +- Issue 5065 - Crash in suite plugins - test_dna_max_value (#5108) +- Issue 5247 - BUG - Missing attributes in samba schema (#5248) +- Issue 5242- Craft message may crash the server (#5243) +- Issue 4775 -plugin entryuuid failing (#5229) +- Issue 5239 - Nightly copr builds are broken +- Issue 5237 - audit-ci: Cannot convert undefined or null to object +- Issue 5234 - UI - rename Users and Groups tab +- Issue 5227 - UI - No way to move back to Get Started step (#5233) +- Issue 5217 - Simplify instance creation and administration by non root user (#5224) diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..323fbd6 --- /dev/null +++ b/gating.yaml @@ -0,0 +1,15 @@ +--- !Policy +product_versions: + - fedora-* +decision_contexts: [bodhi_update_push_testing] +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + +--- !Policy +product_versions: + - fedora-* +decision_contexts: [bodhi_update_push_stable] +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} diff --git a/jemalloc-5.3.0_throw_bad_alloc.patch b/jemalloc-5.3.0_throw_bad_alloc.patch new file mode 100644 index 0000000..94e4d36 --- /dev/null +++ b/jemalloc-5.3.0_throw_bad_alloc.patch @@ -0,0 +1,41 @@ +#commit 3de0c24859f4413bf03448249078169bb50bda0f +#Author: divanorama +#Date: Thu Sep 29 23:35:59 2022 +0200 +# +# Disable builtin malloc in tests +# +# With `--with-jemalloc-prefix=` and without `-fno-builtin` or `-O1` both clang and gcc may optimize out `malloc` calls +# whose result is unused. Comparing result to NULL also doesn't necessarily count as being used. +# +# This won't be a problem in most client programs as this only concerns really unused pointers, but in +# tests it's important to actually execute allocations. +# `-fno-builtin` should disable this optimization for both gcc and clang, and applying it only to tests code shouldn't hopefully be an issue. +# Another alternative is to force "use" of result but that'd require more changes and may miss some other optimization-related issues. +# +# This should resolve https://github.com/jemalloc/jemalloc/issues/2091 +# +#diff --git a/Makefile.in b/Makefile.in +#index 6809fb29..a964f07e 100644 +#--- a/Makefile.in +#+++ b/Makefile.in +#@@ -458,6 +458,8 @@ $(TESTS_OBJS): $(objroot)test/%.$(O): $(srcroot)test/%.c +# $(TESTS_CPP_OBJS): $(objroot)test/%.$(O): $(srcroot)test/%.cpp +# $(TESTS_OBJS): CPPFLAGS += -I$(srcroot)test/include -I$(objroot)test/include +# $(TESTS_CPP_OBJS): CPPFLAGS += -I$(srcroot)test/include -I$(objroot)test/include +#+$(TESTS_OBJS): CFLAGS += -fno-builtin +#+$(TESTS_CPP_OBJS): CPPFLAGS += -fno-builtin +# ifneq ($(IMPORTLIB),$(SO)) +# $(CPP_OBJS) $(C_SYM_OBJS) $(C_OBJS) $(C_JET_SYM_OBJS) $(C_JET_OBJS): CPPFLAGS += -DDLLEXPORT +# endif +diff --git a/src/jemalloc_cpp.cpp b/src/jemalloc_cpp.cpp +index fffd6aee..5a682991 100644 +--- a/src/jemalloc_cpp.cpp ++++ b/src/jemalloc_cpp.cpp +@@ -93,7 +93,7 @@ handleOOM(std::size_t size, bool nothrow) { + } + + if (ptr == nullptr && !nothrow) +- std::__throw_bad_alloc(); ++ throw std::bad_alloc(); + return ptr; + } diff --git a/main.fmf b/main.fmf new file mode 100644 index 0000000..76d16bf --- /dev/null +++ b/main.fmf @@ -0,0 +1,17 @@ +/plan: + summary: Basic test suite + discover: + how: fmf + execute: + how: tmt + prepare: + - name: install required packages + how: install + package: [389-ds-base, git, pytest] + - name: clone repo + how: shell + script: git clone https://github.com/389ds/389-ds-base /root/ds +/test: + /upstream_basic: + test: pytest -v /root/ds/dirsrvtests/tests/suites/basic/basic_test.py + duration: 30m diff --git a/sources b/sources index f0a20b7..7004305 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ -SHA512 (jemalloc-5.2.1.tar.bz2) = 0bbb77564d767cef0c6fe1b97b705d368ddb360d55596945aea8c3ba5889fbce10479d85ad492c91d987caacdbbdccc706aa3688e321460069f00c05814fae02 -SHA512 (389-ds-base-2.0.2.tar.bz2) = 42805311e45b2f3305f86da50d5a0128b19cd15aeb4787ccb67b5ceea9f7a7efe42076dff1d47d4d61012453405403c730c245d53431043eb05c125455938c37 +SHA512 (jemalloc-5.3.0.tar.bz2) = 22907bb052096e2caffb6e4e23548aecc5cc9283dce476896a2b1127eee64170e3562fa2e7db9571298814a7a2c7df6e8d1fbe152bd3f3b0c1abec22a2de34b1 +SHA512 (libdb-5.3.28-59.tar.bz2) = 731a434fa2e6487ebb05c458b0437456eb9f7991284beb08cb3e21931e23bdeddddbc95bfabe3a2f9f029fe69cd33a2d4f0f5ce6a9811e9c3b940cb6fde4bf79 +SHA512 (389-ds-base-3.2.0.tar.bz2) = 9ff6aa56b30863c619f4f324344dca72cc883236bfe8d94520e8469d9e306f54b373ee2504eda18dcb0ecda33f915a3e64a6f3cdaa93a69b74d901caa48545e1 diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index 4643f2f..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- hosts: localhost - remote_user: root - vars: - ds_repo_url: https://pagure.io/389-ds-base.git - ds_repo_dir: ds - ds_tests: "{{ ds_repo_dir }}/dirsrvtests/tests" - pytest: py.test-3 - pytest_args: "-v --continue-on-collection-errors" - pytest_tests: "suites/basic" - artifacts: ./artifacts - roles: - - role: standard-test-basic - tags: - - classic - repositories: - - repo: "{{ ds_repo_url }}" - dest: "{{ ds_repo_dir }}" - tests: - - basic: - dir: "{{ ds_tests }}" - run: "{{ pytest }} {{ pytest_args }} {{ pytest_tests }}" - required_packages: - - python3-pytest - - 389-ds-base - - 389-ds-base-snmp - - 389-ds-base-legacy-tools