Branching 1.3.8 to 1.3.9

Ticket 49967 - entry cache corruption after failed MODRDN
Ticket 49968 - Confusing CRITICAL message: list_candidates - NULL idl was recieved from filter_candidates_ext
Ticket 49915 - fix compiler warnings (2nd)
Ticket 49915 - fix compiler warnings
Ticket 49915 - Master ns-slapd had 100% CPU usage after starting replication and replication cannot finish

.gitignore

@@ -147,3 +147,23 @@
 /389-ds-base-1.3.6.5.tar.bz2
 /389-ds-base-1.3.6.6.tar.bz2
 /389-ds-base-1.3.7.1.tar.bz2
+/389-ds-base-1.3.7.2.tar.bz2
+/389-ds-base-1.3.7.3.tar.bz2
+/389-ds-base-1.3.7.4.tar.bz2
+/389-ds-base-1.3.7.5.tar.bz2
+/389-ds-base-1.3.7.6.tar.bz2
+/389-ds-base-1.3.7.7.tar.bz2
+/389-ds-base-1.3.7.8.tar.bz2
+/389-ds-base-1.3.7.9.tar.bz2
+/389-ds-base-1.3.7.10.tar.bz2
+/389-ds-base-1.3.8.1.tar.bz2
+/389-ds-base-1.3.8.2.tar.bz2
+/389-ds-base-1.3.8.3.tar.bz2
+/389-ds-base-1.3.8.4.tar.bz2
+/389-ds-base-1.3.8.5.tar.bz2
+/389-ds-base-1.3.8.6.tar.bz2
+/389-ds-base-1.3.8.7.tar.bz2
+/389-ds-base-1.3.8.8.tar.bz2
+/389-ds-base-1.3.8.9.tar.bz2
+/389-ds-base-1.3.8.10.tar.bz2
+/389-ds-base-1.3.9.0.tar.bz2

389-ds-base.spec

@@ -8,8 +8,6 @@
 # also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
 #% global relprefix 0.
 
-%global use_openldap 1
-%global use_db4 0
 # If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
 %global use_Socket6 0
 
@@ -31,10 +29,10 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.7.1
-Release:          %{?relprefix}2%{?prerel}%{?dist}.5
+Version:          1.3.9.0
+Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv3+
-URL:              http://www.port389.org
+URL:              https://www.port389.org
 Group:            System Environment/Daemons
 BuildRoot:        %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Conflicts:        selinux-policy-base < 3.9.8
@@ -43,19 +41,11 @@ Requires:         %{name}-libs = %{version}-%{release}
 Provides:         ldif2ldbm >= 0
 
 BuildRequires:    nspr-devel
-BuildRequires:    nss-devel
+BuildRequires:    nss-devel >= 3.34
 BuildRequires:    perl-generators
 BuildRequires:    svrcore-devel >= 4.1.3
-%if %{use_openldap}
 BuildRequires:    openldap-devel
-%else
-BuildRequires:    mozldap-devel
-%endif
-%if %{use_db4}
-BuildRequires:    db4-devel
-%else
 BuildRequires:    libdb-devel
-%endif
 BuildRequires:    cyrus-sasl-devel
 BuildRequires:    icu
 BuildRequires:    libicu-devel
@@ -80,6 +70,9 @@ BuildRequires:    libtool
 BuildRequires:    doxygen
 # For tests!
 BuildRequires:    libcmocka-devel
+BuildRequires:    python%{python3_pkgversion}
+BuildRequires:    python%{python3_pkgversion}-devel
+BuildRequires:    python%{python3_pkgversion}-setuptools
 BuildRequires:    libevent-devel
 %if %{use_tcmalloc}
 BuildRequires:    gperftools-devel
@@ -98,30 +91,28 @@ Requires:         policycoreutils-python-utils
 Requires:         /usr/sbin/semanage
 Requires:         libsemanage-python
 
+Requires:         selinux-policy >= 3.13.1-137
+
 # the following are needed for some of our scripts
-%if %{use_openldap}
 Requires:         openldap-clients
-%else
-Requires:         mozldap-tools
-%endif
+Requires:         python-ldap
+
 # use_openldap assumes perl-Mozilla-LDAP is built with openldap support
 Requires:         perl-Mozilla-LDAP
 
 # this is needed to setup SSL if you are not using the
 # administration server package
 Requires:         nss-tools
+Requires:         nss >= 3.34
 
 # these are not found by the auto-dependency method
 # they are required to support the mandatory LDAP SASL mechs
 Requires:         cyrus-sasl-gssapi
 Requires:         cyrus-sasl-md5
+Requires:         cyrus-sasl-plain
 
 # this is needed for verify-db.pl
-%if %{use_db4}
-Requires:         db4-utils
-%else
 Requires:         libdb-utils
-%endif
 
 # This picks up libperl.so as a Requires, so we add this versioned one
 Requires:         perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
@@ -145,10 +136,7 @@ Requires:         perl-NetAddr-IP
 Requires:         systemd-libs
 Requires:         svrcore >= 4.1.3
 
-# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
-Obsoletes:        %{name} <= 1.3.5.4
-
-Source0:          http://www.port389.org/binaries/%{name}-%{version}%{?prerel}.tar.bz2
+Source0:          https://releases.pagure.org/389-ds-base/%{name}-%{version}%{?prerel}.tar.bz2
 # 389-ds-git.sh should be used to generate the source tarball from git
 Source1:          %{name}-git.sh
 Source2:          %{name}-devel.README
@@ -161,18 +149,10 @@ the LDAP server and command line utilities for server administration.
 Summary:          Core libraries for 389 Directory Server
 Group:            System Environment/Daemons
 BuildRequires:    nspr-devel
-BuildRequires:    nss-devel
+BuildRequires:    nss-devel >= 3.34
 BuildRequires:    svrcore-devel >= 4.1.3
-%if %{use_openldap}
 BuildRequires:    openldap-devel
-%else
-BuildRequires:    mozldap-devel
-%endif
-%if %{use_db4}
-BuildRequires:    db4-devel
-%else
 BuildRequires:    libdb-devel
-%endif
 BuildRequires:    cyrus-sasl-devel
 BuildRequires:    libicu-devel
 BuildRequires:    pcre-devel
@@ -193,13 +173,9 @@ Group:            Development/Libraries
 Requires:         %{name}-libs = %{version}-%{release}
 Requires:         pkgconfig
 Requires:         nspr-devel
-Requires:         nss-devel
+Requires:         nss-devel >= 3.34
 Requires:         svrcore-devel >= 4.1.3
-%if %{use_openldap}
 Requires:         openldap-devel
-%else
-Requires:         mozldap-devel
-%endif
 Requires:         libtalloc
 Requires:         libevent
 Requires:         libtevent
@@ -212,20 +188,38 @@ Development Libraries and headers for the 389 Directory Server base package.
 Summary:          SNMP Agent for 389 Directory Server
 Group:            System Environment/Daemons
 Requires:         %{name} = %{version}-%{release}
-
-# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
-Obsoletes:        %{name} <= 1.3.6.2
+Obsoletes:        %{name} <= 1.3.7.3
 
 %description      snmp
 SNMP Agent for the 389 Directory Server base package.
 
+%package -n python%{python3_pkgversion}-lib389
+Summary:  A library for accessing, testing, and configuring the 389 Directory Server
+BuildArch:        noarch
+Group:            Development/Libraries
+Requires: krb5-workstation
+Requires: krb5-server
+Requires: openssl
+Requires: iproute
+Requires: python%{python3_pkgversion}
+Requires: python%{python3_pkgversion}-pytest
+Requires: python%{python3_pkgversion}-pyldap
+Requires: python%{python3_pkgversion}-six
+Requires: python%{python3_pkgversion}-pyasn1
+Requires: python%{python3_pkgversion}-pyasn1-modules
+Requires: python%{python3_pkgversion}-dateutil
+%{?python_provide:%python_provide python%{python3_pkgversion}-lib389}
+
+%description -n python%{python3_pkgversion}-lib389
+This module contains tools and libraries for accessing, testing,
+ and configuring the 389 Directory Server.
+
 %package -n python%{python3_pkgversion}-%{srcname}-tests
 Summary:          The lib389 Continuous Integration Tests
 Group:            Development/Libraries
 BuildArch:        noarch
+Requires:         python%{python3_pkgversion}
 Requires:         python%{python3_pkgversion}-lib389
-BuildRequires:    python%{python3_pkgversion}-devel
-BuildRequires:    python%{python3_pkgversion}-setuptools
 
 %description  -n  python%{python3_pkgversion}-%{srcname}-tests
 The lib389 CI tests that can be run against the Directory Server.
@@ -240,9 +234,7 @@ sed -r -i '1s|^#!\s*/usr/bin.*python.*|#!%{__python3}|' ldap/admin/src/scripts/{
 
 %build
 
-%if %{use_openldap}
 OPENLDAP_FLAG="--with-openldap"
-%endif
 %{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
 # hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
 NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
@@ -259,18 +251,25 @@ autoreconf -fiv
            --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
            --with-perldir=/usr/bin \
            --with-pythonexec=%{__python3} \
-           --with-systemdgroupname=%{groupname} $NSSARGS $NUNC_STANS_FLAGS \
-           --with-systemd --enable-nunc-stans $TCMALLOC_FLAGS
+           --with-systemdgroupname=%{groupname} $NSSARGS \
+           --with-systemd $TCMALLOC_FLAGS
 
 # Generate symbolic info for debuggers
 export XCFLAGS=$RPM_OPT_FLAGS
 
 make %{?_smp_mflags}
 
+%if 0%{?rhel} >= 8 || 0%{?fedora}
 make setup.py
 
-#%py2_build
+# lib389
+pushd ./src/lib389
 %py3_build
+popd
+
+# tests
+%py3_build
+%endif
 
 %install
 
@@ -280,8 +279,16 @@ mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir}
 # Copy in our docs from doxygen.
 cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3
 
-#%py2_install
+%if 0%{?rhel} >= 8 || 0%{?fedora}
+# lib389
+pushd src/lib389
 %py3_install
+popd
+
+# tests
+%py3_install
+%endif
+
 
 mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
 mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
@@ -304,8 +311,7 @@ rm -rf $RPM_BUILD_ROOT
 output=/dev/null
 # reload to pick up any changes to systemd files
 /bin/systemctl daemon-reload >$output 2>&1 || :
-# reload to pick up any shared lib changes
-/sbin/ldconfig
+
 # find all instances
 instances="" # instances that require a restart after upgrade
 ninst=0 # number of instances found in total
@@ -363,9 +369,9 @@ echo remove pid files . . . >> $output 2>&1 || :
 echo upgrading instances . . . >> $output 2>&1 || :
 DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
 if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
-    %{_sbindir}/setup-ds.pl -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
+    %{_sbindir}/setup-ds.pl -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
 else
-    %{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || :
+    %{_sbindir}/setup-ds.pl -u -s General.UpdateMode=offline >> $output 2>&1 || :
 fi
 
 # restart instances that require it
@@ -501,12 +507,311 @@ fi
 %{_mandir}/man1/ldap-agent.1.gz
 %{_unitdir}/%{pkgname}-snmp.service
 
+%if 0%{?rhel} >= 8 || 0%{?fedora}
+%files -n python%{python3_pkgversion}-lib389
+%defattr(-,root,root,-)
+%doc LICENSE LICENSE.GPLv3+
+%{_sbindir}/dsconf
+%{_sbindir}/dscreate
+%{_sbindir}/dsctl
+%{_sbindir}/dsidm
+%{python3_sitelib}/lib389*
+%endif
+
+%if 0%{?rhel} >= 8 || 0%{?fedora}
 %files -n python%{python3_pkgversion}-%{srcname}-tests
 %defattr(-,root,root,-)
 %doc LICENSE LICENSE.GPLv3+
-%{python3_sitelib}/*
+%{python3_sitelib}/dirsrvtests*
+%endif
 
 %changelog
+* Wed Oct 31 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.9.0-1
+- Branching 1.3.8 to 1.3.9
+- Ticket 49967 - entry cache corruption after failed MODRDN
+- Ticket 49968 - Confusing CRITICAL message: list_candidates - NULL idl was recieved from filter_candidates_ext
+- Ticket 49915 - fix compiler warnings (2nd)
+- Ticket 49915 - fix compiler warnings
+- Ticket 49915 - Master ns-slapd had 100% CPU usage after starting replication and replication cannot finish
+
+* Wed Oct 10 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.10-1
+- Bump version to 1.3.8.10
+- Ticket 49969 - DOS caused by malformed search operation (part 2)
+
+* Tue Oct 9 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.9-1
+- Bump version to 1.3.8.9
+- Ticket 49969 - DOS caused by malformed search operation (security fix)
+- Ticket 49954 - On s390x arch retrieved DB page size is stored as size_t rather than uint32_t
+- Ticket 49937 - Log buffer exceeded emergency logging msg is not thread-safe (security fix)
+- Ticket 49932 - Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly
+
+* Fri Aug 24 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.8-1
+- Bump version to 1.3.8.8
+- Revert "Ticket 49372 - filter optimisation improvements for common queries"
+- Revert "Ticket 49432 - filter optimise crash"
+
+* Fri Aug 10 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.7-1
+- Bump version to 1.3.8.7
+- Ticket 49890 - SECURITY FIX - ldapsearch with server side sort crashes the ldap server
+- Ticket 49893 - disable nunc-stans by default
+
+* Fri Jul 20 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.6-1
+- Bump version to 1.3.8.6
+- Ticket 49789 - backout original security fix as it caused a regression in FreeIPA
+
+* Tue Jul 17 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.5-1
+- Bump version to 1.3.8.5
+- Ticket 49789 - By default, do not manage unhashed password
+- Ticket 49546 - Fix issues with MIB file
+- Ticket 49840 - ds-replcheck command returns traceback errors against ldif files having garbage content when run in offline mode
+- Ticket 48818 - For a replica bindDNGroup, should be fetched the first time it is used not when the replica is started
+- Ticket 49780 - acl_copyEval_context double free
+- Ticket 49830 - Import fails if backend name is "default"
+- Ticket 49432 - filter optimise crash
+- Ticket 49372 - filter optimisation improvements for common queries
+- Update Source0 URL in rpm/389-ds-base.spec.in
+
+* Thu Jun 21 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.4-1
+- Bump version to 1.3.8.4-1
+- Ticket 49751 - passwordMustChange attribute is not honored by a RO consumer if using "Chain on Update"
+- Ticket 49734 - Fix various issues with Disk Monitoring
+- Ticket 49788 - Fixing 4-byte UTF-8 character validation
+
+* Mon Jun 11 2018 Mark Reynolds <mreyhnolds@redhat.com> - 1.3.8.3-2
+- Bump version to 1.3.8.3-2
+- Ticket 49576 - ds-replcheck: fix certificate directory verification
+
+* Mon Jun 11 2018 Mark Reynolds <mreyhnolds@redhat.com> - 1.3.8.3-1
+- Bump version to 1.3.8.3
+- Ticket 49746 - Additional compiler errors on ARM
+- Ticket 49746 - Segfault during replication startup on Arm device
+- Ticket 49742 - Fine grained password policy can impact search performance
+- Ticket 49768 - Under network intensive load persistent search can erronously decrease connection refcnt
+- Ticket 49765 - compiler warning
+- Ticket 49765 - Async operations can hang when the server is running nunc-stans
+- Ticket 49748 - Passthru plugin startTLS option not working
+- Ticket 49736 - Hardening of active connection list
+- Ticket 48184 - clean up and delete connections at shutdown (3rd)
+- Ticket 49726 - DS only accepts RSA and Fortezza cipher families
+- Ticket 49722 - Errors log full of " WARN - keys2idl - recieved NULL idl from index_read_ext_allids, treating as empty set" messages
+- Ticket 49576 - Add support of ";deletedattribute" in ds-replcheck
+- Ticket 49576 - Update ds-replcheck for new conflict entries
+
+* Thu May 24 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.2-1
+- Bump version to 1.3.8.2
+- Ticket 48184 - clean up and delete connections at shutdown (2nd try)
+- Ticket 49696 - replicated operations should be serialized
+- Ticket 49671 - Readonly replicas should not write internal ops to changelog
+- Ticket 49665 - Upgrade script doesn't enable CRYPT password storage plug-in
+- Ticket 49665 - Upgrade script doesn't enable PBKDF2 password storage plug-in
+
+* Tue May 8 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.1-1
+- Bump version to 1.3.8.1
+- Ticket 49661 - CVE-2018-1089 - Crash from long search filter
+- Ticket 49652 - DENY aci's are not handled properly
+- Ticket 49649 - Use reentrant crypt_r()
+- Ticket 49644 - crash in debug build
+- Ticket 49631 - same csn generated twice
+- Ticket 48184 - revert previous patch around nunc-stans shutdown crash
+- Ticket 49619 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received
+- Rebase to 1.3.8
+
+* Tue Mar 6 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.10-1
+- Bump version to 1.3.7.10
+- Ticket 49545 - final substring extended filter search returns invalid result
+- Ticket 49161 - memberof fails if group is moved into scope
+- ticket 49551 - correctly handle subordinates and tombstone numsubordinates
+- Ticket 49296 - Fix race condition in connection code with  anonymous limits
+- Ticket 49568 - Fix integer overflow on 32bit platforms
+- Ticket 49566 - ds-replcheck needs to work with hidden conflict entries
+- Ticket 49551 - fix memory leak found by coverity
+- Ticket 49551 - correct handling of numsubordinates for cenotaphs and tombstone delete
+- Ticket 49560 - nsslapd-extract-pemfiles should be enabled by default as openldap is moving to openssl
+- Ticket 49557 - Add config option for checking CRL on outbound SSL Connections
+
+* Mon Feb 19 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.9-1.1
+- Add cyrus-sasl-plain requirement
+
+* Wed Jan 31 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.9-1
+- Bump version to 1.3.7.9
+- CVE-2017-15134 - Remote DoS via search filters in  slapi_filter_sprintf
+- Ticket 49546 - Fix broken snmp MIB file
+- Ticket 49541 - Replica ID config validation fix
+- Ticket 49370 - Crash when using a global and local pw  policies
+- Ticket 49540 - Indexing task is reported finished too early regarding the backend status
+- Ticket 49534 - Fix coverity regression
+- Ticket 49541 - repl config should not allow rid 65535 for masters
+- Ticket 49370 - Add all the password policy defaults to a new local policy
+- Ticket 49526 - Improve create_test.py script
+- Ticket 49534 - Fix coverity issues and regression
+- Ticket 49523 - memberof: schema violation error message is confusing as memberof will likely repair target entry
+- Ticket 49532 - coverity issues - fix compiler warnings & clang issues
+- Ticket 49463 - After cleanALLruv, there is a flow of keep alive DEL
+- Ticket 48184 - close connections at shutdown cleanly.
+- Ticket 49509 - Indexing of internationalized matching rules is failing
+- Ticket 49531 - coverity issues - fix memory leaks
+- Ticket 49529 - Fix Coverity warnings: invalid deferences
+- Ticket 49413 - Changelog trimming ignores disabled replica-agreement
+- Ticket 49446 - cleanallruv should ignore cleaned replica Id in processing changelog if in force mode
+- Ticket 49278 - GetEffectiveRights gives false-negative
+- Ticket 49524 - Password policy: minimum token length fails  when the token length is equal to attribute length
+- Ticket 49493 - heap use after free in csn_as_string
+- Ticket 49495 - Fix memory management is vattr.
+- Ticket 49471 - heap-buffer-overflow in ss_unescape
+- Ticket 49449 - Load sysctl values on rpm upgrade.
+- Ticket 49470 - overflow in pblock_get
+- Ticket 49474 - sasl allow mechs does not operate correctly
+- Ticket 49460 - replica_write_ruv log a failure even when it succeeds
+
+* Mon Nov 20 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.8-1
+- Bump version to 1.3.7.8
+- Ticket 49298 - fix complier warn
+- Ticket 49298 - Correct error codes with config restore.
+- Ticket 49435 - Fix NS race condition on loaded test systems
+- Ticket 49454 - SSL Client Authentication breaks in FIPS mode
+- Ticket 49410 - opened connection can remain no longer poll, like hanging
+- Ticket 48118 - fix compiler warning for incorrect return type
+- Ticket 49443 - scope one searches in 1.3.7 give incorrect results
+- Ticket 48118 - At startup, changelog can be erronously rebuilt after a normal shutdown
+- Ticket 49377 - Incoming BER too large with TLS on plain port
+- Ticket 49441 - Import crashes with large indexed binary  attributes
+
+* Fri Nov 3 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.7-1
+- Bump version to 1.3.7.7
+- Ticket 48393 - fix copy and paste error
+- Ticket 49439 - cleanallruv is not logging information
+- Ticket 48393 - Improve replication config validation
+- Ticket 49436 - double free in COS in some conditions
+- Ticket 48007 - CI test to test changelog trimming interval
+- Ticket 49424 - Resolve csiphash alignment issues
+- Ticket 49401 - Fix compiler incompatible-pointer-types warnings
+- Ticket 49401 - improve valueset sorted performance on delete
+- Ticket 48894 - harden valueset_array_to_sorted_quick valueset  access
+- Ticket 48681 - Use of uninitialized value in string ne at /usr/bin/logconv.pl
+- Ticket 49374 - server fails to start because maxdisksize is recognized incorrectly
+- Ticket 49408 - Server allows to set any nsds5replicaid in the existing replica entry
+- Ticket 49407 - status-dirsrv shows ellipsed lines
+- Ticket 48681 - Use of uninitialized value in string ne at /usr/bin/logconv.pl line 2565, <$LOGFH> line 4
+- Ticket 49386 - Memberof should be ignore MODRDN when the pre/post entry are identical
+- Ticket 48006 - Missing warning for invalid replica backoff  configuration
+- Ticket 49378 - server init fails
+- Ticket 49064 - testcase hardening
+- Ticket 49064 - RFE allow to enable MemberOf plugin in dedicated consumer
+- Ticket 49402 - Adding a database entry with the same database name that was deleted hangs server at shutdown
+- Ticket 49394 - slapi_pblock_get may leave unchanged the provided variable
+- Ticket 48235 - remove memberof lock (cherry-pick error)
+- Ticket 48235 - Remove memberOf global lock
+- Ticket 49363 - Merge lib389, all lib389 history in single patch
+
+* Mon Oct 9 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.6-1
+- Bump verson to 1.3.7.6
+- Ticket 49038 - remove legacy replication - change cleanup script precedence
+- Ticket 49392 - memavailable not available
+- Ticket 49320 - Activating already active role returns error 16
+- Ticket 49389 - unable to retrieve specific cosAttribute when subtree password policy is configured
+- Ticket 49092 - Add CI test for schema-reload
+- Ticket 49388 - repl-monitor - matches null string many times in regex
+- Ticket 49385 - Fix coverity warnings
+- Ticket 49305 - Need to wrap atomic calls
+- Ticket 49180 - errors log filled with attrlist_replace - attr_replace
+
+* Fri Sep 22 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.5-1
+- Bump version to 1.3.7.5
+- Ticket 49327 - Add CI test for password expiration controls
+- Ticket #48085 - CI tests - replication ruvstore
+- Ticket 49381 - Refactor numerous suite docstrings
+- Ticket #48085 - CI tests - replication cl5
+- Ticket 49379 - Allowed sasl mapping requires restart
+- Ticket 49327 - password expired control not sent during grace logins
+- Ticket 49380 - Add CI test
+- Ticket 83 - Fix create_test.py imports
+- Ticket 49381 - Add docstrings to ds_logs, gssapi_repl, betxn
+- Ticket 49380 - Crash when adding invalid replication agreement
+- Ticket 48081 - CI test - password
+- Ticket 49295 - Fix CI tests
+- Ticket 49295 - Fix CI test for account policy
+- Ticket 49295 - Fix CI tests
+- Ticket 49373 - remove unused header file
+
+* Wed Sep 6 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.4-1
+- Bump version to 1.3.7.4
+- Ticket 49371 - Cleanup update script
+- Ticket 48831 - Autotune dncache with entry cache.
+- Ticket 49312 - pwdhash -D used default hash algo
+- Ticket 49043 - make replication conflicts transparent to clients
+- Ticket 49371 - Fix rpm build
+- Ticket 49371 - Template dse.ldif did not contain all needed plugins
+- Ticket 49295 - Fix CI Tests
+- Ticket 49050 - make objectclass ldapsubentry effective immediately
+
+* Fri Sep 1 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.3-1
+- Bump version to 1.3.7.3
+- Ticket 49354 - fix regression in total init due to mistake in range fetch
+- Ticket 49370 - local password policies should use the same defaults as the global policy
+- Ticket 48989 - Delete slow lib389 test
+- Ticket 49367 - missing braces in idsktune
+- Ticket 49364 - incorrect function declaration.
+- Ticket 49275 - fix tls auth regression
+- Ticket 49038 - Revise creation of cn=replication,cn=config
+- Ticket 49368 - Fix typo in log message
+- Ticket 48059 - Add docstrings to CLU tests
+- Ticket 47840 - Add docstrings to setup tests
+- Ticket 49348 - support perlless and wrapperless install
+
+* Tue Aug 22 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.7.2-1
+- Bump verison to 1.3.7.2
+- Ticket 49038 - Fix regression from legacy code cleanup
+- Ticket 49295 - Fix CI tests
+- Ticket 48067 - Add bugzilla tests for ds_logs
+- Ticket 49356 - mapping tree crash can occur during tot init
+- Ticket 49275 - fix compiler warns for gcc 7
+- Ticket 49248 - Add a docstring to account locking test case
+- Ticket 49445 - remove dead code
+- Ticket 48081 - Add regression tests for pwpolicy
+- Ticket 48056 - Add docstrings to basic test suite
+- Ticket 49349 - global name 'imap' is not defined
+- Ticket 83 - lib389 - Fix tests and create_test.py
+- Ticket 48185 - Remove referint-logchanges attr from referint's config
+- Ticket 48081 - Add regression tests for pwpolicy
+- Ticket 83 - lib389 - Replace topology agmt objects
+- Ticket 49331 - change autoscaling defaults
+- Ticket 49330 - Improve ndn cache performance.
+- Ticket 49347 - reproducable build numbers
+- Ticket 39344 - changelog ldif import fails
+- Ticket 49337 - Add regression tests for import tests
+- Ticket 49309 - syntax checking on referint's delay attr
+- Ticket 49336 - SECURITY: Locked account provides different return code
+- Ticket 49332 - Event queue is not working
+- Ticket 49313 - Change the retrochangelog default cache size
+- Ticket 49329 - Descriptive error msg for USN cleanup task
+- Ticket 49328 - Cleanup source code
+- Ticket 49299 - Add normalized dn cache stats to dbmon.sh
+- Ticket 49290 - improve idl handling in complex searches
+- Ticket 49328 - Update clang-format config file
+- Ticket 49091 - remove usage of changelog semaphore
+- Ticket 49275 - shadow warnings for gcc7 - pass 1
+- Ticket 49316 - fix missing not condition in clock cleanu
+- Ticket 49038 - Remove legacy replication
+- Ticket 49287 - v3 extend csnpl handling to multiple backends
+- Ticket 49310 - remove sds logging in debug builds
+- Ticket 49031 - Improve memberof with a cache of group parents
+- Ticket 49316 - Fix clock unsafety in DS
+- Ticket 48210 - Add IP addr and connid to monitor output
+- Ticket 49295 - Fix CI tests and compiler warnings
+- Ticket 49295 - Fix CI tests
+- Ticket 49305 - Improve atomic behaviours in 389-ds
+- Ticket 49298 - fix missing header
+- Ticket 49314 - Add untracked files to the .gitignore
+- Ticket 49303 - Fix error in CI test
+- Ticket 49302 - fix dirsrv importst due to lib389 change
+- Ticket 49303 - Add option to disable TLS client-initiated renegotiation
+- Ticket 49298 - force sync() on shutdown
+- Ticket 49306 - make -f rpm.mk rpms produces build without tcmalloc enabled
+- Ticket 49297 - improve search perf in bpt by removing a deref
+- Ticket 49284 - resolve crash in memberof when deleting attrs
+- Ticket 49290 - unindexed range searches don't provide notes=U
+- Ticket 49301 - Add one logpipe test case
+
 * Fri Aug 11 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.3.7.1-2.5
 - Rebuilt after RPM update (№ 3)
 

sources

@@ -1 +1 @@
-SHA512 (389-ds-base-1.3.7.1.tar.bz2) = cc8985afe08b7f3ae637b92f12f846dcc452291ee56e5333840d93edf83ba89c6516342eb7fc302f2a0981508d5ec15b05e5c41dc327dd2af7276b2fdab83a1f
+SHA512 (389-ds-base-1.3.9.0.tar.bz2) = 9804efc6991575771394ce63b4f177ba8bcb89f45ff60216b39cabee63b2234b8502a4d1587830ad6422ea68d58a4b26a55e2124f4777eeaa20beef92f9e7ee1