Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:dirkmueller:acdc:as_python3_module
389-ds.25422
389-ds.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 389-ds.changes of Package 389-ds.25422
------------------------------------------------------------------- Tue Aug 23 01:54:21 UTC 2022 - wbrown@suse.de - bsc#1202470 - CVE-2022-2850 - Resolve sync repl crash during invalid cookie handling - Update to version 1.4.4.19~git46.c900a28c8: * Issue 5421 - CI - makes replication/acceptance_test.py::test_modify_entry more robust (#5422) * Issue 5418 - Sync_repl may crash while managing invalid cookie (#5420) * Issue 5399 - UI - LDAP Editor is not updated when we switch instances (#5400) * Issue 5221 - fix covscan (#5359) * Issue 4984 - BUG - pid file handling (#4986) * Issue 5353 - CLI - dsconf backend export breaks with multiple backends * Issue 5126 - Memory leak in slapi_ldap_get_lderrno (#5153) * Issue 5304: Need a compatibility option about sub suffix handling (#5310) * Issue 5302 - Release tarballs don't contain cockpit webapp * Issue 5284 - Replication broken after password change (#5286) ------------------------------------------------------------------- Tue Jul 19 02:56:36 UTC 2022 - wbrown@suse.de - bsc#1199908 - Improvements to openldap import with passwold policy present - Update to version 1.4.4.19~git43.8ba2ea21f: * Issue 5221 - fix covscan (#5359) * Issue 4984 - BUG - pid file handling (#4986) * Issue 5353 - CLI - dsconf backend export breaks with multiple backends * Issue 5126 - Memory leak in slapi_ldap_get_lderrno (#5153) * Issue 5304: Need a compatibility option about sub suffix handling (#5310) * Issue 5302 - Release tarballs don't contain cockpit webapp * Issue 5284 - Replication broken after password change (#5286) * Issue 5291 - Harden ReplicationManager.wait_for_replication (#5292) * Issue 5279 - dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int' * Issue 5276 - CLI - improve task handling ------------------------------------------------------------------- Wed Jun 8 05:48:31 UTC 2022 - William Brown <william.brown@suse.com> - Changelog fix - bsc#1195324 - CVE-2021-4091 - double free in psearch ------------------------------------------------------------------- Tue May 31 01:08:41 UTC 2022 - wbrown@suse.de - bsc#1199889 - CVE-2022-1949 - full access control bypass with simple crafted query 0001-Fix-ACI-bypass-in-shortcut-filter-condition.patch - Update to version 1.4.4.19~git38.9951c1101: * Issue 5302 - Release tarballs don't contain cockpit webapp * Issue 5284 - Replication broken after password change (#5286) * Issue 5291 - Harden ReplicationManager.wait_for_replication (#5292) * Issue 5279 - dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int' * Issue 5276 - CLI - improve task handling * Issue 5273 - CLI - add arg completer for instance name * Issue 4866 - CLI - when enabling replication set changelog trimming by default * Issue 5241 - UI - Add account locking missing functionality (#5251) * Issue 5098 - Fix cherry-pick error * Issue 5252 - During DEL, vlv search can erroneously return NULL candidate (#5256) ------------------------------------------------------------------- Thu Mar 31 04:59:10 UTC 2022 - wbrown@suse.de - Resolve bsc#1197275 - CVE-2022-0918 - Crafted message may cause DoS - Update to version 1.4.4.19~git28.b12c72226: * Issue 5242- Craft message may crash the server (#5243) * Issue 5234 - UI - rename Users and Groups tab * Issue 5227 - UI - No way to move back to Get Started step (#5233) * Issue 5230 - Race condition in RHDS disk monitoring functions * Issue 4299 - UI - Add CoS funtionality (#5196) * Issue 5225 - UI - impossible to manually set entry cache * Issue 5186 - UI - Fix SASL Mapping regex test feature * Issue 5221 - User with expired password can still login with full privledges * Issue 5218 - double-free of the virtual attribute context in persistent search (#5219) * Issue 5193 - Incomplete ruv occasionally returned from ruv search (#5194) ------------------------------------------------------------------- Tue Mar 22 00:41:58 UTC 2022 - wbrown@suse.de - Resolve bsc#1197345 - CVE-2022-0996 - Mishandling of password expiry - Update to version 1.4.4.19~git21.feb4a55d8: * Issue 5221 - User with expired password can still login with full privledges * Issue 5218 - double-free of the virtual attribute context in persistent search (#5219) * Issue 5193 - Incomplete ruv occasionally returned from ruv search (#5194) * Issue 5189 - memberOf plugin exclude subtree not cleaning up groups on modrdn * Issue 5188 - UI - LDAP editor - add entry and group types * Issue 5184 - memberOf does not work correctly with multiple include scopes * Issue 5186 - UI - Fix SASL Mapping regex validation and other minor improvements * Issue 5122 - dsconf instance backend suffix set doesn't accept backend name (#5178) * Issue 5160 - BUG - x- prefix in descr-oid can confuse oid parser (#5161) * Issue 5098 - Multiple issues around replication and CI test test_online_reinit_may_hang (#5109) ------------------------------------------------------------------- Mon Jan 10 04:14:56 UTC 2022 - William Brown <william.brown@suse.com> - Resolve boo#1194068 by adding required schema ------------------------------------------------------------------- Mon Jan 10 00:31:11 UTC 2022 - wbrown@suse.de - bsc#1194084 - resolve multiple index migration bug - Update to version 1.4.4.18~git5.a46217a05: * Issue 5092 - BUG - pin concread for el8.5 * Issue 5080 - BUG - multiple index types not handled in openldap migration (#5094) * Issue 5079 - BUG - multiple ways to specific primary (#5087) * Issue 4992 - BUG - slapd.socket container fix (#4993) * Issue 5037 - in OpenQA changelog trimming can crashes (#5070) * Bump version to 1.4.4.18 * Issue 4962 - Fix various UI bugs - Database and Backups (#5044) * Issue 5046 - BUG - update concread (#5047) * Issue 5043 - BUG - Result must be used compiler warning (#5045) * Issue 4165 - Don't apply RootDN access control restrictions to UNIX connections ------------------------------------------------------------------- Tue Sep 21 00:56:43 UTC 2021 - wbrown@suse.de - Update to version 1.4.4.17~git0.5e1e392ae: * Bump version to 1.4.4.17 * Issue 4927 - rebase lib389 and cockpit in 1.4.4 * Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.) * Issue 4912 - Account Policy plugin does not set the config entry DN * Issue 4796 - Add support for nsslapd-state to CLI & UI * Issue 4894 - IPA failure in ipa user-del --preserve (#4907) * Issue 4169 - backport lib389 cert list fix * Issue 4912 - dsidm command crashing when account policy plugin is enabled * Issue 4910 - db reindex corrupts RUV tombstone nsuiqueid index * Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks ------------------------------------------------------------------- Fri Jul 09 04:16:10 UTC 2021 - wbrown@suse.de - bsc#1188151 - Update to 1.4.4.16 patch release - bsc#1188455 - CVE-2021-3652 - fix crypt handling of locked accounts - Update to version 389dsbase1.4.4.16~git16.c1926dfc6: * Issue 4817 - BUG - locked crypt accounts on import may allow all passwords (#4819) * Issue 4656 - (2nd) Remove problematic language from UI/CLI/lib389 * Issue 4262 - Fix Index out of bound in fractional test (#4828) * Issue 4822 - Fix CI temporary password: fixture leftover breaks them (#4823) * Issue 4656 - remove problematic language from ds-replcheck * Issue 4803 - Improve DB Locks Monitoring Feature Descriptions * Issue 4803 - Improve DB Locks Monitoring Feature Descriptions (#4810) * Issue 4788 - CLI should support Temporary Password Rules attributes (#4793) * Issue 4506 - Improve SASL logging * Issue 4093 - Fix MEP test case * Issue 4747 - Remove unstable/unstatus tests (followup) (#4809) * Issue 4789 - Temporary password rules are not enforce with local password policy (#4790) * Issue 4797 - ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags (#4799) * Issue 4447 - Crash when the Referential Integrity log is manually edited * Issue 4773 - Add CI test for DNA interval assignment * Issue 4750 - Fix compiler warning in retrocl (#4751) ------------------------------------------------------------------- Fri Jul 09 04:11:01 UTC 2021 - wbrown@suse.de - Update to version 1.4.4.16~git0.3d31c6c71: * Bump version to 1.4.4.16 * Update npm packages * Issue 4719 - lib389 - fix dsconf passthrough auth bugs * Issue 4778 - RFE - Allow setting TOD for db compaction and add task * Issue 4764 - replicated operation sometime checks ACI (#4783) * Issue 4623 - RFE - Monitor the current DB locks (#4762) * Issue 4781 - There are some typos in man-pages * Issue 4773 - Enable interval feature of DNA plugin * Issue 3555 - Fix UI audit issue * Issue 4747 - Remove unstable/unstatus tests from PRCI (#4748) ------------------------------------------------------------------- Thu Apr 8 02:37:31 UTC 2021 - William Brown <william.brown@suse.com> - bsc#1184476 - Add supportconfig utility for customer services to capture 389-ds support information. ------------------------------------------------------------------- Thu Apr 08 01:43:57 UTC 2021 - wbrown@suse.de - Update to version 1.4.4.14~git0.37dc95673: * Bump version to 1.4.4.14 * Issue 4671 - UI - Fix browser crashes * Issue 4229 - Fix Rust linking * Issue 4658 - monitor - connection start date is incorrect * Issue 4656 - Make replication CLI backwards compatible with role name change * Issue 4656 - Remove problematic language from UI/CLI/lib389 * Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down * Issue 4661 - RFE - allow importing openldap schemas (#4662) * Issue 4659 - restart after openldap migration to enable plugins (#4660) * Issue 4663 - CLI - unable to add objectclass/attribute without x-origin ------------------------------------------------------------------- Tue Mar 30 00:34:44 UTC 2021 - wbrown@suse.de - bsc#1184142 - restart after openldap migration so that plugins can correctly perform data fix ups. - Update to version 1.4.4.14~git0.37dc95673: * Bump version to 1.4.4.14 * Issue 4671 - UI - Fix browser crashes * Issue 4229 - Fix Rust linking * Issue 4658 - monitor - connection start date is incorrect * Issue 4656 - Make replication CLI backwards compatible with role name change * Issue 4656 - Remove problematic language from UI/CLI/lib389 * Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down * Issue 4661 - RFE - allow importing openldap schemas (#4662) * Issue 4659 - restart after openldap migration to enable plugins (#4660) * Issue 4663 - CLI - unable to add objectclass/attribute without x-origin ------------------------------------------------------------------- Mon Feb 15 00:11:38 UTC 2021 - wbrown@suse.de - Update to version 389-ds-base-1.4.4.13~git0.6841d693f: * Bump version to 1.4.4.13 * Update dscontainer (#4564) * Issue 4591 - RFE - improve openldap_to_ds help and features (#4607) * Issue 4324 - Some architectures the cache line size file does not exist * Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614) * Issue 4609 - CVE - info disclosure when authenticating * Bump version to 1.4.4.12 * Issue 4579 - libasan detects heap-use-after-free in URP test (#4584) * Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573) * Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553) ------------------------------------------------------------------- Wed Feb 03 02:01:39 UTC 2021 - wbrown@suse.de - Update to version 1.4.4.12~git0.7b681e1da: * Bump version to 1.4.4.12 * Issue 4579 - libasan detects heap-use-after-free in URP test (#4584) * Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573) * Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553) * Issue 4396 - Minor memory leak in backend (#4558) (#4572) * Issue 4324 - Performance search rate: change entry cache monitor to recursive pthread mutex (#4569) * Issue 5442 - Search results are different between RHDS10 and RHDS11 * Bump version to 1.4.4.11 * Issue 4548 - CLI - dsconf needs better root DN access control plugin validation * Issue 4513 - Fix schema test and lib389 task module (#4514) ------------------------------------------------------------------- Mon Jan 18 01:06:59 UTC 2021 - wbrown@suse.de - Upstream fix for bsc#1180847 - openldap_to_ds can fail if the backend has no overlays or indexes. - Remove patches now merged upstream. * 0001-Ticket-51260-fix-potential-syncrepl-data-corruption.patch * 0002-Ticket-51260-improve-tests-and-improve-readme-re-ref.patch * 0003-Ticket-4224-openldap-can-become-confused-with-entryu.patch * 0004-Issue-4410-RFE-ndn-cache-with-arc-in-rust.patch * 0005-Issue-4403-RFE-OpenLDAP-pw-hash-migration-tests-4408.patch * 0006-Issue-4446-RFE-openldap-password-hashers.patch * 0007-Issue-4464-RFE-clang-with-ds-asan-rust.patch * 0008-Issue-4229-RFE-Improve-rust-linking-and-build-perfor.patch - Update to version 1.4.4.10~git0.ebdf25251: * Bump version to 1.4.4.10 * Issue 4418 - fix cherry-pick error * Issue 4381 - RFE - LDAPI authentication DN rewritter * Issue 4539 - BUG - no such file if no overlays in openldap during migration (#4540) * Issue 4513 - CI Tests - fix test failures * Issue 4528 - Fix cn=monitor SCOPE_ONE search (#4529) * Issue 4535 - lib389 - healthcheck throws exception if backend is not replicated * Issue 4504 - insure that repl_monitor_test use ldapi (for RHEL) - fix merge issue (#4533) * Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL) (#4527) * Issue 4506 - BUG - Fix bounds on fd table population (#4520) ------------------------------------------------------------------- Tue Dec 01 02:50:05 UTC 2020 - wbrown@suse.de - Lib389 is a hard requirement in 1.4.4, and perl has been completely removed. Reflect this in our spec file. - Add rebased patches for SUSE Feature Completion: jsc#SLE-11501 * 0001-Ticket-51260-fix-potential-syncrepl-data-corruption.patch * 0002-Ticket-51260-improve-tests-and-improve-readme-re-ref.patch * 0003-Ticket-4224-openldap-can-become-confused-with-entryu.patch * 0004-Issue-4410-RFE-ndn-cache-with-arc-in-rust.patch * 0005-Issue-4403-RFE-OpenLDAP-pw-hash-migration-tests-4408.patch * 0006-Issue-4446-RFE-openldap-password-hashers.patch * 0007-Issue-4464-RFE-clang-with-ds-asan-rust.patch * 0008-Issue-4229-RFE-Improve-rust-linking-and-build-perfor.patch - Update to version 1.4.4.9~git0.b09e60339: * Bump version to 1.4.4.9 * Issue 4105 - Remove python.six (fix regression) * Issue 4384 - Use MONOTONIC clock for all timing events and conditions * Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4467) * Issue 4460 - BUG - lib389 should use system tls policy * Issue 3657 - Add options to dsctl for dsrc file * Issue 3986 - UI - Handle objectclasses that do not have X-ORIGIN set * Issue 4297 - 2nd fix for on ADD replication URP issue internal searches with filter containing unescaped chars (#4439) * Issue 4449 - dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) (#4451) * Issue 4105 - Remove python.six from lib389 (#4456) ------------------------------------------------------------------- Thu Nov 12 03:47:16 UTC 2020 - wbrown@suse.de - Update to version 1.4.4.8~git0.bf454ad07: * Bump version to 1.4.4.8 * Issue 4415 - unable to query schema if there are extra parenthesis * Issue 4176 - CL trimming causes high CPU * Bump version to 1.4.4.7 * Issue 2526 - revert backend validation check * Issue 4262 - more perl removal cleanup * Issue 2526 - retrocl backend created out of order * Bump version to 1.4.4.6 * Issue 4262 - Remove legacy tools subpackage (final cleanup) * Issue 4262 - Remove legacy tools subpackage (restart instances after rpm install) ------------------------------------------------------------------- Thu Oct 08 23:20:32 UTC 2020 - william.brown@suse.com - Update to version 1.4.4.4~git0.318a3ce0c: * Bump version to 1.4.4.4 * Ticket 51175 - resolve plugin name leaking * Issue 51187 - UI - stop importing Cockpit's PF css * Issue 51192 - Add option to reject internal unindexed searches * Issue 50840 - Fix test docstrings metadata-1 * Issue 50840 - Fix test docstrings metadata * Ticket 50980 - fix foo_filter_rewrite * Issue 51165 - add more logconv stats for the new access log keywords * Issue 50928 - Unable to create a suffix with countryName either via dscreate or the admin console * Issue 51188 - db2ldif crashes when LDIF file can't be accessed * Issue 50545 - Port remaining legacy tools to new python CLI * Issue 51165 - add new access log keywords for wtime and optime * Issue : 49761 - Fix CI test suite issues ( Port remaning acceptance test suit part 1) * Issue: 51070 - Port Import TET module to python3 part2 * Issue:51142 - Port manage Entry TET suit to python 3 part 1 * Issue: 50860 - Port Password Policy test cases from TET to python3 final * Issue 50696 - Fix Allowed and Denied Ciphers lists - WebUI * Issue 51169 - UI - attr uniqueness - selecting empty subtree crashes cockpit * Issue 49256 - log warning when thread number is very different from autotuned value * Issue 51157 - Reindex task may create abandoned index file * Issue 50873 - Fix issues with healthcheck tool * Issue:50860 - Port Password Policy test cases from TET to python3 part2 * Issue 51166 - Log an error when a search is fully unindexed * Ticket 50544 - OpenLDAP syncrepl compatability * Ticket 51161 - fix SLE15.2 install issps * Issue 49999 - rpm.mk build-cockpit should clean cockpit_dist first * Issue 51144 - dsctl fails with instance names that contain slapd- * Issue 51155 - Fix OID for sambaConfig objectclass * Ticket 51159 - dsidm ou delete fails * Issue 50984 - Memory leaks in disk monitoring * Ticket 51131 - improve mutex alloc in conntable * Issue 49761 - Fix CI tests * Ticket 49859 - A distinguished value can be missing in an entry * Issue 50791 - Healthcheck should look for notes=A/F in access log * Issue 51072 - Set the default minimum worker threads * Ticket 51140 - missing ifdef * Issue 50912 - pwdReset can be modified by a user * Issue 50781 - Make building cockpit plugin optional * Issue 51100 - Correct numSubordinates value for cn=monitor * Issue 51136 - dsctl and dsidm do not errors correctly when using JSON * Ticket 137 - fix compiler warning * Issue 50781 - Make building cockpit plugin optional * Issue 51132 - Winsync setting winSyncWindowsFilter not working as expected * Ticket 51034 - labeledURIObject * Issue 50545 - Port remaining legacy tools to new python CLI * Issue 50889 - Extract pem files into a private namespace * Ticket 137 - Implement EntryUUID plugin * Ticket 51072 - improve autotune defaults * Ticket 51115 - enable samba3.ldif by default * Issue 51118 - UI - improve modal validation when creating an instance * Issue 50746 - Add option to healthcheck to list all the lint reports * Bump version to 1.4.4.3 * Issue 50931 - RFE AD filter rewriter for ObjectCategory * Issue: 50860 - Port Password Policy test cases from TET to python3 part1 * Issue 51113 - Allow using uid for replication manager entry * Issue 51095 - abort operation if CSN can not be generated * Issue 51110 - Fix ASAN ODR warnings * Issue 49850 -ldbm_get_nonleaf_ids() painfully slow for databases with many non-leaf entries * Issue 51102 - RFE - ds-replcheck - make online timeout configurable * Issue 51076 - remove unnecessary slapi entry dups * Issue 51086 - Improve dscreate instance name validation * Issue:51070 - Port Import TET module to python3 part1 * Ticket 51037 - compiler warning * Ticket 50989 - ignore pid when it is ourself in protect_db * Ticket 51037 - RFE AD filter rewriter for ObjectSID * Issue 50499 - Fix some npm audit issues * Issue 51091 - healthcheck json report fails when mapping tree is deleted * Ticket 51079 - container pid start and stop issues * Revert "Issue 51017 - Implement dynamic ds/bz pytest markers" * Issue 49761 - Fix CI tests * Issue 50610 - Fix return code when it's nothing to free * Issue 50610 - memory leaks in dbscan and changelog encryption * Issue 51076 - prevent unnecessarily duplication of the target entry * Issue 50940 - Permissions of some shipped directories may change over time * Issue 50873 - Fix issues with healthcheck tool * Issue 51017 - Implement dynamic ds/bz pytest markers * Ticket 51082 - abort when a empty valueset is freed * Issue:CI test - automember_plugin (Long Duration test) * Issue 50201 - nsIndexIDListScanLimit accepts any value * Bump version to 1.4.4.2 * Issue 51078 - Add nsslapd-enable-upgrade-hash to the schema * Issue 51054 - Revise ACI target syntax checking * Ticket 51068 - deadlock when updating the schema * Issue 51042 - try to use both c_rehash and openssl rehash * Issue 51042 - switch from c_rehash to openssl rehash * Issue 50992 - Bump jemalloc version and enable profiling * Issue 51060 - unable to set sslVersionMin to TLS1.0 * Issue 51064 - Unable to install server where IPv6 is disabled * Issue 51051 - CLI fix consistency issues with confirmations * Issue 50655 - etime displayed has an order of magnitude 10 times smaller than it should be * Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now * Issue 51054 - AddressSanitizer: heap-buffer-overflow in ldap_utf8prev * Issue 49761 - Fix CI tests * Issue 51047 - React deprecating ComponentWillMount * Issue 50499 - fix npm audit issues * Issue 50545 - Port dbgen.pl to dsctl * Issue 51027 - Test passwordHistory is not rewritten on a fail attempt * Bump version to 1.4.4.1 * Ticket 51024 - syncrepl_entry callback does not contain attributes added by postoperation plugins * Ticket 50877 - task to run tests of csn generator * Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now * Issue: 48055 - CI test - automember_plugin(part3) * Ticket 51035 - Heavy StartTLS connection load can randomly fail with err=1 * Issue 51031 UI - transition between two instances needs improvement * Bump version to 1.4.4 ------------------------------------------------------------------- Sun Aug 02 23:52:12 UTC 2020 - william.brown@suse.com - Update to version 1.4.3.12~git0.9bc042902: * Bump version to 1.4.3.12 * Issue 51222 - It should not be allowed to delete Managed Entry manually * Issue 51129 - SSL alert: The value of sslVersionMax "TLS1.3" is higher than the supported version * Issue 51086 - Fix instance name length for interactive install * Issue 51136 - JSON Error output has redundant messages * Issue 51059 - If dbhome directory is set online backup fails * Issue 51000 - Separate the BDB backend monitors * Issue 49300 - entryUSN is duplicated after memberOf operation * Issue 50984 - Fix disk_mon_check_diskspace types ------------------------------------------------------------------- Wed Jul 15 04:10:48 UTC 2020 - william.brown@suse.com - Remove patch that is now included in latest release: 0001-Ticket-51161-fix-SLE15.2-install-issps.patch - Resolve bsc#1174057 upstream stability and fix rollup. - Update to version 1.4.3.11~git0.82796f172: * Bump version to 1.4.3.11 * Issue 51192 - Add option to reject internal unindexed searches * Ticket 51159 - dsidm ou delete fails * Issue 51165 - add more logconv stats for the new access log keywords * Issue 51188 - db2ldif crashes when LDIF file can't be accessed * Issue 51165 - add new access log keywords for wtime and optime * Issue 50696 - Fix Allowed and Denied Ciphers lists - WebUI * Issue 51169 - UI - attr uniqueness - selecting empty subtree crashes cockpit * Issue 49256 - log warning when thread number is very different from autotuned value * Issue 51157 - Reindex task may create abandoned index file * Issue 51166 - Log an error when a search is fully unindexed * Ticket 51161 - fix SLE15.2 install issps * Issue 51144 - dsctl fails with instance names that contain slapd- * Issue 50984 - Memory leaks in disk monitoring * Issue 50201 - nsIndexIDListScanLimit accepts any value * Bump version to 1.4.3.10 * Ticket 49859 - A distinguished value can be missing in an entry * Issue 50791 - Healthcheck should look for notes=A/F in access log * Issue 51072 - Set the default minimum worker threads * Issue 50912 - pwdReset can be modified by a user * Issue 51100 - Correct numSubordinates value for cn=monitor * Issue 51136 - dsctl and dsidm do not errors correctly when using JSON * Issue 51132 - Winsync setting winSyncWindowsFilter not working as expected * Ticket 51072 - improve autotune defaults * Issue 50746 - Add option to healthcheck to list all the lint reports * Issue 51118 - UI - improve modal validation when creating an instance ------------------------------------------------------------------- Fri Jun 19 01:56:49 UTC 2020 - William Brown <william.brown@suse.com> - Add 0001-Ticket-51161-fix-SLE15.2-install-issps.patch to resolve bsc#1172328 This corrects a failure to install on SUSE due to incorrect hostname generation, and a python 3 utf8 issue that is triggered by systemd. ------------------------------------------------------------------- Mon Jun 01 01:10:10 UTC 2020 - william.brown@suse.com - Update to version 1.4.3.9~git0.3eb8617f6: * Bump version to 1.4.3.9 * Issue 50931 - RFE AD filter rewriter for ObjectCategory * Issue 51113 - Allow using uid for replication manager entry * Issue 51095 - abort operation if CSN can not be generated * Issue 51110 - Fix ASAN ODR warnings * Issue 51102 - RFE - ds-replcheck - make online timeout configurable * Issue 51076 - remove unnecessary slapi entry dups * Issue 51086 - Improve dscreate instance name validation * Ticket 50989 - ignore pid when it is ourself in protect_db * Issue 50499 - Fix some npm audit issues * Issue 51091 - healthcheck json report fails when mapping tree is deleted * Ticket 51079 - container pid start and stop issues * Issue 50610 - Fix return code when it's nothing to free * Ticket 51082 - abort when a empty valueset is freed * Issue 50610 - memory leaks in dbscan and changelog encryption * Issue 51076 - prevent unnecessarily duplication of the target entry * Bump version to 1.4.3.8 * Issue 51078 - Add nsslapd-enable-upgrade-hash to the schema * Issue 51054 - Revise ACI target syntax checking * Ticket 51068 - deadlock when updating the schema * Issue 51060 - unable to set sslVersionMin to TLS1.0 * Issue 51064 - Unable to install server where IPv6 is disabled * Issue 51051 - CLI fix consistency issues with confirmations * Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now * Issue 51054 - AddressSanitizer: heap-buffer-overflow in ldap_utf8prev * Issue 51047 - React deprecating ComponentWillMount * Issue 50499 - fix npm audit issues * Issue 50545 - Port dbgen.pl to dsctl * Bump version to 1.4.3.7 * Ticket 51024 - syncrepl_entry callback does not contain attributes added by postoperation plugins * Ticket 51035 - Heavy StartTLS connection load can randomly fail with err=1 * Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now * Issue 51031 UI - transition between two instances needs improvement * Bump version to 1.4.3.6 * Issue 50933 - 10rfc2307compat.ldif is not ready to set used by default * Ticket 50931 - RFE AD filter rewriter for ObjectCategory * Issue 51016 - Fix memory leaks in changelog5_init and perfctrs_init * Ticket 50980 - RFE extend usability for slapi_compute_add_search_rewriter and slapi_compute_add_evaluator * Ticket 51008 - dbhome in containers * Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code * Ticket 51014 - slapi_pal.c possible static buffer overflow * Issue 50545 - remove dbmon "incr" option from arg parser * Issue 50545 - Port dbmon.sh to dsconf * Issue 51005 - AttributeUniqueness plugin's DN parameter should not have a default value * Issue 49731 - Fix additional issues with setting db home directory by default * Issue 50337 - Replace exec() with setattr() * Ticket 50905 - intermittent SSL hang with rhds * Issue 50952 - SSCA lacks basicConstraint:CA * Issue 50640 - Database links: get_monitor() takes 1 positional argument but 2 were given * Issue 50869 - Setting nsslapd-allowed-sasl-mechanisms truncates the value * Bump version to 1.4.3.5 * Issue 50994 - Fix latest UI bugs found by QE * Ticket 50933 - rfc2307compat.ldif * Issue 50337 - Replace exec() with setattr() * Issue 50984 - Memory leaks in disk monitoring * Issue 50984 - Memory leaks in disk monitoring * Issue 49731 - dscreate fails in silent mode because of db_home_dir * Issue 50975 - Revise UI branding with new minimized build * Issue 49437 - Fix memory leak with indirect COS * Issue 49731 - Do not add db_home_dir to template-dse.ldif * Issue 49731 - set and use db_home_directory by default * Ticket 50971 - fix BSD_SOURCE * -n option of dbverify does not work * Issue 50952- SSCA lacks basicConstraint:CA * Issue 50976 - Clean up Web UI source directory from unused files * Issue 50955 - Fix memory leaks in chaining plugin(part 2) * Issue 50966 - UI - Database indexes not using typeAhead correctly * Issue 50974 - UI - wrong title in "Delete Suffix" popup * Issue 50972 - Fix cockpit plugin build * Issue 49761 - Fix CI test suite issues * Issue 50971 - Support building on FreeBSD. * Issue 50960 - [RFE] Advance options in RHDS Disk Monitoring Framework * Issue 50800 - wildcards in rootdn-allow-ip attribute are not accepted * Issue 50963 - We should bundle *.min.js files of Console * Issue: 50860 - Port Password Policy test cases from TET to python3 Password grace limit section. * Issue: 50860 - Port Password Policy test cases from TET to python3 series of bugs Port final * Issue 50954 - buildnum.py - fix date formatting issue * Bump version to 1.4.3.4 * Issue 50954 - Port buildnum.pl to python(part 2) * Issue 50955 - Fix memory leaks in chaining plugin * Issue 50954 - Port buildnum.pl to python * Ticket 50947 - change 00core.ldif objectClasses for openldap migration * Ticket: 50755 - setting nsslapd-db-home-directory is overriding db_directory * Issue 50937 - Update CLI for new backend split configuration * Issue: 50860 - Port Password Policy test cases from TET to python3 pwp.sh * Ticket 50945 - givenname alias of gn from openldap * Ticket 50935 - systemd override in lib389 for dscontainer * Issue 50499 - Fix npm audit issues * Issue 49761 - Fix CI test suite issues * Ticket 50618 - clean compiler warning and log level * Ticket 50889 - fix compiler issues * Issue 50884 - Health check tool DSEldif check fails * Issue 50926 - Remove dual spinner and other UI fixes * Issue 50928 - Unable to create a suffix with countryName * Issue 50758 - Only Recommend bash-completion, not Require * Issue 50923 - Fix a test regression * Issue 50904 - Connect All React Components And Refactor the Main Navigation Tab Code * Issue 50920 - cl-dump exit code is 0 even if command fails with invalid arguments * Issue 50923 - Add test - dsctl fails to remove instances with dashes in the name * Issue 50919 - Backend delete fails using dsconf * Issue 50872 - dsconf can't create GSSAPI replication agreements * Issue 50912 - RFE - add password policy attribute pwdReset * Ticket 50914 - No error returned when adding an entry matching filters for a non existing automember group * Ticket 50889 - Extract pem files into a private namespace * Issue 50909 - nsDS5ReplicaId cant be set to the old value it had before * Issue: 50686 - Port fractional replication test cases from TET to python3 final * Issue 49845 - Remove pkgconfig check for libasan * Issue:50860 - Port Password Policy test cases from TET to python3 bug624080 * Issue:50860 - Port Password Policy test cases from TET to python3 series of bugs * Ticket 50786 - connection table freelist * Ticket 50618 - support cgroupv2 * Ticket 50900 - Fix cargo offline build * Ticket 50898 - ldclt core dumped when run with -e genldif option * Bump version to 1.4.3.3 * Issue 50855 - remove unused file from UI * Issue 50855 - UI: Port Server Tab to React * Issue 49845 - README does not contain complete information on building * Issue: 50686 - Port fractional replication test cases from TET to python3 part 1 * Ticket - 49623-cont cenotaph errors on modrdn operations * Issue 50882 - Fix healthcheck errors for instances that do not have TLS enabled * Issue 50886 - Typo in the replication debug message * Issue 50873 - Fix healthcheck and virtual attr check * Issue 50873 - Fix issues with healthcheck tool * Issue 50028 - Add a new CI test case * Issue 49946 - Add a new CI test case * Issue 50117 - Add a new CI test case * Ticket 50787 - fix implementation of attr unique * Ticket 50859 - support running only with ldaps socket * Issue 50823 - dsctl doesn't work with 'slapd-' in the instance name * Ticket 49624 cont - DB Deadlock on modrdn appears to corrupt database and entry cache * Issue 50867 - Fix minor buildsys issues * Issue 50737 - Allow building with rust online without vendoring * Ticket 50831 add cargo.lock to allow offline builds * Ticket 50694 - import PEM certs on startup * Ticket 50857 - Memory leak in ACI using IP subject * Issue 49761 - Fix CI test suite issues * Issue 50853 - Fix NULL pointer deref in config setting * Issue 50850 - Fix dsctl healthcheck for python36 * Issue 49990 - Need to enforce a hard maximum limit for file descriptors * Ticket 48707 - ldapssotoken for authentication * Bump version to 1.4.3.2 * Issue 49254 - Fix compiler failures and warnings * Ticket 50741-cont bdb_start - Detected Disorderly Shutdown * Issue 50836 - Port Schema UI tab to React * Issue 50842 - Decrease 389-console Cockpit component size * Ticket 50790 - Add result text when filter is invalid * Issue 50627 - Add ASAN logs to HTML report * Issue 50834 - Incorrectly setting the NSS default SSL version max * Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free * Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10 * Ticket 50784 - performance testing scripts * Issue 50599 - Fix memory leak when removing db region files * Issue 49395 - Set the default TLS version min to TLS1.2 * Issue 50818 - dsconf pwdpolicy get error * Issue 50824 - dsctl remove fails with "name 'ensure_str' is not defined" * Issue 50599 - Remove db region files prior to db recovery * Issue 50812 - dscontainer executable should be placed under /usr/libexec/dirsrv/ * Issue 50816 - dsconf allows the root password to be set to nothing * Issue 50798 - incorrect bytes in format string(fix import issue) * Bump version to 1.4.3.1 * Ticket 50798 - incorrect bytes in format string * Issue 50545 - Add the new replication monitor functionality to UI * Issue 50806 - Fix minor issues in lib389 health checks * Issue: 50690 - Port Password Storage test cases from TET to python3 part 1 * Issue 49761 - Fix CI test suite issues * Issue 49761 - Fix CI test suite issues * Issue 50754 - Add Restore Change Log option to CLI * Issue: 48055 - CI test - automember_plugin(part2) * Ticket 50667 - dsctl -l did not respect PREFIX * Issue 50780 - More CLI fixes * Ticket 50649 - lib389 without defaults.inf * Issue 50780 - Fix UI issues * Ticket 50727 - correct mistaken options in filter validation patch * Issue 50779 - lib389 - conflict compare fails for DN's with spaces * Set branch version to 1.4.3.0 ------------------------------------------------------------------- Mon Jun 01 00:22:18 UTC 2020 - william.brown@suse.com - Remove 0001-Ticket-51014-slapi_pal.c-possible-static-buffer-over.patch as it is part of 1.4.2.14 - Update to version 1.4.2.14~git0.5ac5b02ce: * Bump version to 1.4.2.14 * Issue 51113 - Allow using uid for replication manager entry * Issue 51095 - abort operation if CSN can not be generated * Issue 51110 - Fix ASAN ODR warnings * Issue 51102 - RFE - ds-replcheck - make online timeout configurable * Issue 51076 - remove unnecessary slapi entry dups * Issue 51086 - Improve dscreate instance name validation * Ticket 50989 - ignore pid when it is ourself in protect_db * Issue 50499 - Fix some npm audit issues * Issue 51091 - healthcheck json report fails when mapping tree is deleted * Ticket 51079 - container pid start and stop issues * Issue 50610 - Fix return code when it's nothing to free * Ticket 51082 - abort when a empty valueset is freed * Issue 50610 - memory leaks in dbscan and changelog encryption * Issue 51076 - prevent unnecessarily duplication of the target entry * Issue 50940 - Permissions of some shipped directories may change over time * Bump version to 1.4.2.13 * Ticket 50787 - fix implementation of attr unique * Issue 51078 - Add nsslapd-enable-upgrade-hash to the schema * Ticket 51068 - deadlock when updating the schema * Issue 51060 - unable to set sslVersionMin to TLS1.0 * Issue 51064 - Unable to install server where IPv6 is disabled * Issue 51051 - CLI fix consistency issues with confirmations * Issue 51047 - React deprecating ComponentWillMount * Issue 50499 - fix npm audit issues * Ticket 51035 - Heavy StartTLS connection load can randomly fail with err=1 * Issue 51031 UI - transition between two instances needs improvement * Bump version to 1.4.2.12 * Issue 50337 - Replace exec() with setattr() * Issue 50545 - the check for the ds version for the backend config was broken * Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code * Ticket 51014 - slapi_pal.c possible static buffer overflow * Issue 50545 - remove dbmon "incr" option from arg parser * Issue 50545 - Port dbmon.sh to dsconf * Ticket 50905 - intermittent SSL hang with rhds * Issue 50952 - SSCA lacks basicConstraint:CA * Issue 50640 - Database links: get_monitor() takes 1 positional argument but 2 were given * Issue 50869 - Setting nsslapd-allowed-sasl-mechanisms truncates the value ------------------------------------------------------------------- Tue Apr 07 05:27:28 UTC 2020 - 389-ds-maintainer@suse.de - Patch rollup as described in bsc#1169364 - Add rust vendor.tar.gz as a source - rust is still an optional build and will be enabled in the future. - Update ns-slapd ownership to remove dirsrv as an owner as dirsrv will not exist in containers with systemd users. - Add 0001-Ticket-51014-slapi_pal.c-possible-static-buffer-over.patch to resolve a warning found in static analysis in OBS (upstream #51014) - Update to version 1.4.2.11~git0.aff1a2831: * Bump version to 1.4.2.11 * Issue 50994 - Fix latest UI bugs found by QE * Issue 50337 - Replace exec() with setattr() * Issue 50984 - Memory leaks in disk monitoring * Issue 50975 - Revise UI branding with new minimized build * Issue 49437 - Fix memory leak with indirect COS * Issue 50976 - Clean up Web UI source directory from unused files * Issue 50744 - -n option of dbverify does not work * Issue 50952- SSCA lacks basicConstraint:CA * Bump version to 1.4.2.10 * Issue 50966 - UI - Database indexes not using typeAhead correctly * Issue 50974 - UI - wrong title in "Delete Suffix" popup * Issue 50972 - Fix cockpit plugin build * Issue 50800 - wildcards in rootdn-allow-ip attribute are not accepted * Issue 50963 - We should bundle *.min.js files of Console * Bump version to 1.4.2.9 * Ticket: 50755 - setting nsslapd-db-home-directory is overriding db_directory * Issue 50937 - Update CLI for new backend split configuration * Issue 50499 - Fix npm audit issues * Issue 50884 - Health check tool DSEldif check fails * Issue 50926 - Remove dual spinner and other UI fixes * Issue 49845 - Remove pkgconfig check for libasan * Issue 50758 - Only Recommend bash-completion, not Require * Issue 50928 - Unable to create a suffix with countryName * Issue 50904 - Connect All React Components And Refactor the Main Navigation Tab Code * Issue 50919 - Backend delete fails using dsconf * Issue 50872 - dsconf can't create GSSAPI replication agreements * Ticket 50914 - No error returned when adding an entry matching filters for a non existing automember group * Issue 50909 - nsDS5ReplicaId cant be set to the old value it had before * Ticket 50618 - support cgroupv2 * Ticket 50898 - ldclt core dumped when run with -e genldif option ------------------------------------------------------------------- Mon Feb 17 22:37:41 UTC 2020 - 389-ds-maintainer@suse.de - Update to version 1.4.2.8~git0.3aaa3e820: * Bump version to 1.4.2.8 * Issue 50855 - remove unused file from UI * Issue 50855 - UI: Port Server Tab to React * Issue 49845 - README does not contain complete information on building * Ticket - 49623-cont cenotaph errors on modrdn operations * Issue 50882 - Fix healthcheck errors for instances that do not have TLS enabled * Issue 50886 - Typo in the replication debug message * Issue 50873 - Fix healthcheck and virtual attr check * Issue 50873 - Fix issues with healthcheck tool * Ticket 50857 - Memory leak in ACI using IP subject * Issue 50823 - dsctl doesn't work with 'slapd-' in the instance name * Ticket 49624 cont - DB Deadlock on modrdn appears to corrupt database and entry cache * Issue 50850 - Fix dsctl healthcheck for python36 * Issue 49990 - Need to enforce a hard maximum limit for file descriptors ------------------------------------------------------------------- Tue Jan 28 04:11:30 UTC 2020 - 389-ds-maintainer@suse.de - Update to version 1.4.2.7~git0.202953d28: * Bump version to 1.4.2.7 * Issue 49254 - Fix compiler failures and warnings * Ticket 50741-cont bdb_start - Detected Disorderly Shutdown * Issue 50836 - Port Schema UI tab to React * Issue 50842 - Decrease 389-console Cockpit component size * Ticket 50790 - Add result text when filter is invalid * Issue 50834 - Incorrectly setting the NSS default SSL version max * Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free * Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10 * Issue 50599 - Fix memory leak when removing db region files * Issue 49395 - Set the default TLS version min to TLS1.2 * Issue 50818 - dsconf pwdpolicy get error * Issue 50824 - dsctl remove fails with "name 'ensure_str' is not defined" * Issue 50599 - Remove db region files prior to db recovery * Issue 50812 - dscontainer executable should be placed under /usr/libexec/dirsrv/ * Issue 50816 - dsconf allows the root password to be set to nothing * Issue 50798 - incorrect bytes in format string(fix import issue) ------------------------------------------------------------------- Tue Jan 21 03:51:34 UTC 2020 - 389-ds-maintainer@suse.de - Update to version 1.4.2.6~git0.e84bbce3f: * Bump version to 1.4.2.6 * Ticket 50798 - incorrect bytes in format string * Issue 50545 - Add the new replication monitor functionality to UI * Issue 50806 - Fix minor issues in lib389 health checks * Issue 50754 - Add Restore Change Log option to CLI * Ticket 50727 - change syntax validate by default in 1.4.2 * Ticket 50667 - dsctl -l did not respect PREFIX * Issue 50780 - More CLI fixes * Issue 50780 - Fix UI issues * Ticket 50727 - correct mistaken options in filter validation patch * Issue 50779 - lib389 - conflict compare fails for DN's with spaces * Ticket #49761 - Fix CI test suite issues * Issue 50499 - Fix npm audit issues * Issue 50774 - Account.enroll_certificate() should not check for DS version * Issue 50771 - 1.4.2.5 doesn't compile due to error ModuleNotFoundError: No module named 'pkg_resources.extern' * Issue 50758 - Need to enable CLI arg completion * Ticket 50709: Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10 * Issue: 50690 - Port Password Storage test cases from TET to python3(create required types in password_plugins) * Issue: 48851 - Investigate and port TET matching rules filter tests(last test cases for match index) * Issue 50761 - Parametrized tests are missing ':parametrized' value * Bump version to 1.4.2.5 * Issue 50747 - Port readnsstate to dsctl * Issue 50758 - Enable CLI arg completion * Issue 50753 - Dumping the changelog to a file doesn't work * Ticket 50745: ns-slapd hangs during CleanAllRUV tests * Issue 50734 - lib389 creates non-SSCA cert DBs with misleading README.txt * Issue: 48851 - investigate and port TET matching rules filter tests(cert) * Issue: 50443 - Create a module in lib389 to Convert a byte sequence to a properly escaped for LDAP * Ticket 50664 - DS can fail to recover if an empty directory exists in db * Ticket 50736 - RetroCL trimming may crash at shutdown if trimming configuration is invalid * Ticket 50741 - bdb_start - Detected Disorderly Shutdown last time Directory Server was running * Issue 50572 - After running cl-dump dbdir/cldb/*ldif.done are not deleted * Issue 50701 - Fix type in lint report * Ticket 50729 - add support for gssapi tests on suse * Issue 50701 - Add additional healthchecks to dsconf * Issue 50711 - `dsconf security` lacks option for setting nsTLSAllowClientRenegotiation attribute * Issue 50439 - Update docker integration for Fedora * Issue: 48851 - Investigate and port TET matching rules filter tests(last test cases for match) * Issue 50499 - Fix npm audit issues * Issue 50722 - Test IDs are not unique * Issue 50712 - Version comparison doesn't work correctly on git builds * Issue 50499 - Fix npm audit issues * Issue 50706 - Missing lib389 dependency - packaging * Bump version to 1.4.2.4 * Issue 49761 - Fix CI test suite issues * Issue 50634 - Fix CLI error parsing for non-string values * Ticket 50659 AddressSanitizer: SEGV ... in bdb_pre_close * Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes * Issue 50644 - fix regression with creating sample entries * Issue 50699 - Add Disk Monitor to CLI and UI * Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes * Issue 50536 - After audit log file is rotated, DS version string is logged after each update * Issue #50712 - Version comparison doesn't work correctly on git builds * Issue 50706 - Missing lib389 dependency - packaging * Issue 49761 - Fix CI test suite issues * Issue #50683 - Makefile.am contains unused RPM-related targets * Issue 50696 - Fix various UI bugs * Update based on Marks feedback * Update to mark as skipif * Ticket 50641 - Update default aci to allows users to change their own password * Ticket 50007, 50648 - improve x509 handling. * Issue 50689 - Failed db restore task does not report an error * Issue 50199 - Disable perl by default * Ticket 50633 - Add cargo vendor support for offline builds * Issue 50499 - Fix npm audit issues * Bump version to 1.4.2.3 * Issue 50592 - Port Replication Tab to ReactJS * Issue 50680 - Remove branding from upstream spec file * Issue 50669 - Remove nunc-stans in favour of reworking current conn code (add.) * Issue: 48055 - CI test - automember_plugin(part1) * Issue 50677 - Map subtree searches with NULL base to default naming context * Issue 50669 - Fix RPM build * Ticket 50669 - remove nunc-stans * Ticket 49850 cont -fix crash in ldbm_non_leaf * Issue 50634 - Clean up CLI errors output - Fix wrong exception * Issue 50660 - Build failure on Fedora 31 * Issue 50634 - Clean up CLI errors output * Issue: 48851 - Investigate and port TET matching rules filter tests(match more test cases) * Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request" * Issue 49850 - ldbm_get_nonleaf_ids() slow for databases with many non-leaf entries * Issue 50655 - access log etime is not properly formatted * Issue 50653 - objectclass parsing fails to log error message text * Issue 50646 - Improve task handling during shutdowns * Add new test suite to test migration between RHDS versions * Ticket 50627 - Support platforms without pytest_html * Ticket 49476 - backend refactoring phase1, fix failing tests * Ticket 49476 - refactor ldbm backend to allow replacement of BDB * Ticket - 50349 - additional fix: filter schema check must handle subtypes * Issue: 48851 - investigate and port TET matching rules filter tests(indexing more test cases) * Issue 50638 - RecursionError: maximum recursion depth exceeded while calling a Python object * Ticket 50636 - Crash during sasl bind * Ticket 50632 - Add ensure attr state so that diffs are easier from 389-ds-portal * Ticket 50619 - extend commands to have more modify options * Issue 50499 - Fix npm audit issues * bump version to 1.4.2.2 ------------------------------------------------------------------- Tue Oct 08 02:04:20 UTC 2019 - 389-ds-maintainer@suse.de - Update to version 1.4.2.2~git0.d41ef935b: * Issue 50627 - Add ASAN logs to HTML report * Issue 50545 - Port repl-monitor.pl to lib389 CLI * Ticket 50622 - ds_selinux_enabled may crash on suse * Ticket 50595 - remove syslog.target requirement * Ticket 50617 - disable cargo lock * Issue 50620 - Fix regressions from 50506 (slapi_enry_attr_get_ref) * Issue 50615 - Log current test name to journald * Ticket: 50610 memory leak in dbscan * Bump version to 1.4.2.1 * Ticket 50581 - ns-slapd crashes during ldapi search * Issue 50604 - Fix UI validation * ticket 50510 - etime can contain invalid nanosecond value * Ticket 50593 Investigate URP handling on standalone instance * Issue 50506 - Fix regression for relication stripattrs * Issue 50580 - Perl can't be disabled in configure * Ticket 50584, 49212 - docker healthcheck and configuration * Issue 50546 - fix more UI issues(part 2) * Do not use comparision with "is" for empty value * Issue 50546 - fix more UI issues * Issue 50586 - lib389 - Fix DSEldif long line processing * Issue 50173 - Add the validate-syntax task to the dsconf schema * Issue 50546 - Fix various issues in UI * Bump version to 1.4.2.0 * Ticket 50576 - Same proc uid/gid maps to rootdn for ldapi sasl * Ticket 50567, 50568 - strict host check disable and display container version * Issue 50550 - DS installer debug messages leaking to ipa-server-install * Issue 50545 - Port fixup-memberuid and add the functionality to CLI and UI * Issue 50572 - After running cl-dump dbdir/cldb/*ldif.done are not deleted * Issue 50578 - Add SKIP_AUDIT_CI flag for Cockpit builds * Ticket 50349 - filter schema validation * Issue: 48055 - CI test-(Plugin configuration should throw proper error messages if not configured properly) * Issue 49324 - idl_new fix assert * Ticket 50564 - Fix rust libraries by default and improve docker * Issue 50206 - Refactor lock, unlock and status of dsidm account/role * Issue 49324 - idl_new report index name in error conditions * Issue 49761 - Fix CI test suite issues * Issue 50506 - Fix regression from slapi_entry_attr_get_ref refactor * Issue 50499 - Audit fix - Update npm 'eslint-utils' version * Issue 49624 - modrdn silently fails if DB deadlock occurs * fix for 50542 crashes in filter tests * Issue 49761 - Fix CI test suite issues * Ticket 50542 - Entry cache contention during base search * Issue 50462 - Fix CI tests * Ticket 50490 objects and memory leaks * Issue 50538 - Move CI test to individual file * Issue 50538 - cleanAllRUV task limit is not enforced for replicated tasks * Issue 50536 - Audit log heading written to log after every update * Issue 50525 - nsslapd-defaultnamingcontext does not change when the assigned suffix gets deleted * Issue 50534 - CLI change schema edit subcommand to replace * Issue 50506 - cont Fix invalid frees from pointer reference calls * Issue 50507 - Fix Cockpit UI styling for PF4 * Issue: 48851 - investigate and port TET matching rules filter tests(indexing final) * Issue: 48851 - Add more test cases to the match test suite(mode replace) * Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1" * Issue 50529 - LDAP server returning PWP controls in different sequence * Issue 50506 - Fix invalid frees from pointer reference calls. * Issue 50506 - Replace slapi_entry_attr_get_charptr() with slapi_entry_attr_get_ref() * Issue 50521 - Add regressions in CI tests * Ticket 50510 - etime can contain invalid nanosecond value * Issue 50488 - Create a monitor for disk space usagedisk-space-mon * Issue 50511 - lib389 PosixGroups type can not handle rdn properly * Issue 50508 - UI - fix local password policy form ------------------------------------------------------------------- Thu Aug 13 05:31:18 UTC 2019 - William Brown <william.brown@suse.com> - Fix spec file discrepencies from SLE - Update to correct license issue in spec file - Update to simplify rust option selection - Update to version 1.4.1.6~git0.5ac5a8aad: * Bump version to 1.4.1.6 * Issue 50355 - SSL version min and max not correctly applied * Issue 50497 - Port cl-dump.pl tool to Python using lib389 * Issue: 48851 - investigate and port TET matching rules filter tests(Final) * correction to fix for #50417 * Issue 50425 - Add jemalloc LD_PRELOAD to systemd drop-in file * Issue 50425 - Add jemalloc LD_PRELOAD to systemd drop-in file * Issue 50325 - Add Security tab to UI * Ticket 49789 - By default, do not manage unhashed password * Ticket 49421 - Implement password hash upgrade on bind. * Ticket 49421 - on bind password upgrade proof of concept * Ticket 50493 - connection_is_free to trylock * Ticket 50459 - Correct issue with allocation state * Issue 50499 - Fix audit issues and remove jquery from the whitelist * Ticket 50459 - c_mutex to use pthread_mutex to allow ns sharing * Ticket 50484 - Add a release build dockerfile and dscontainer improvements * Issue 50486 - Update jemalloc to 5.2.0 - Update to version 1.4.1.5~git0.748334143: * Bump version to 1.4.1.5 * Issue 50431 - Fix regression from coverity fix * Issue 49239 - Add a new CI test case * Issue 49997 - Add a new CI test case * Issue 50177 - Add a new CI test case, also added fixes in lib389 * Issue 49761 - Fix CI test suite issues * Issue 50474 - Unify result codes for add and modify of repl5 config * Ticket 50472 - memory leak with encryption * Issue 50462 - Fix Root DN access control plugin CI tests * Issue 50462 - Fix CI tests * Ticket 50217 - Implement dsconf security section * Issue: 48851 - Add more test cases to the match test suite. * Issue 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients * Ticket 50439 - fix waitpid issue when pid does not exist * Issue 50454 - Fix Cockpit UI branding * Issue: 48851 - investigate and port TET matching rules filter tests(index) * Issue 49232 - Truncate the message when buffer capacity is exceeded * Bump version to 1.4.1.4 * Ticket 49361 - Use IPv6 friendly network functions * Issue: 48851 - Investigate and port TET matching rules filter tests(bug772777) * Issue: 50446 - NameError: name 'ds_is_older' is not defined * Issue 49602 - Revise replication status messages * Ticket 50439 - Update docker integration to work out of source directory * Ticket 50037 - revert path changes as it breaks prefix/rpm builds * Issue 50431 - Fix regression from coverity fix * Issue 50370 - CleanAllRUV task crashing during server shutdown * Issue: 48851 - investigate and port TET matching rules filter tests(match) * Issue 50417 - Fix missing quote in some legacy tools * Ticket 50431 - Fix covscan warnings * Revert "Issue 49960 - Core schema contains strings instead of numer oids" * Issue 50426 - nsSSL3Ciphers is limited to 1024 characters * Issue 50052 - Fix rpm.mk according to audit-ci change * Issue 50365 - PIDFile= references path below legacy directory /var/run/ * Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request" * Ticket 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to TLS * Ticket 50417 - Revise legacy tool scripts to work with new systemd changes * Issue: 48851 - Add more search filters to vfilter_simple test suite * Issue 49761 - Fix CI test suite issues * Issue 49875 - Move SystemD service config to a drop-in file * Ticket 50413 - ds-replcheck - Always display the Result Summary * Issue 50052 - Add package-lock.json and use "npm ci" * Issue: 48851 - investigate and port TET matching rules filter tests(vfilter simple) * Ticket 50355 - NSS can change the requested SSL min and max versions * Issue: 48851 - investigate and port TET matching rules filter tests(vfilter_ld) * Issue 50390 - Add Managed Entries Plug-in Config Entry schema * Ticket 49730 - Remove unused Mozilla ldapsdk variables - Update to version 1.4.1.3~git0.1f1119d4b: * Bump version to 1.4.1.3 * Issue 49761 - Fix CI test suite issues * Issue 50041 - Add the rest UI Plugin tabs - Part 2 * Ticket 50340 - 2nd try - structs for diabled plugins will not be freed * Issue 50403 - Instance creation fails on 1.3.9 using perl utils and latest lib389 * Ticket 50389 - ns-slapd craches while two threads are polling the same connection * Issue: 48851 - investigate and port TET matching rules filter tests(scanlimit) * Issue 50037 - lib389 fails to install in venv under non-root user * Issue: 50112 - Port ACI test suit from TET to python3(userattr) * Ticket 50393 - maxlogsperdir accepting negative values * Issue: 50112 - Port ACI test suit from TET to python3(roledn) * Issue 49960 - Core schema contains strings instead of numer oids * Ticket 50396 - Crash in PAM plugin when user does not exist * Issue 50387 - enable_tls() should label ports with ldap_port_t * Issue 50390 - Add Managed Entries Plug-in Config Entry schema * Ticket 50306 - Fix regression with maxbersize * Issue 50384 - Missing dependency: cracklib-dicts * Issue 49029 - [RFE] improve internal operations logging * Issue 49761 - Fix CI test suite issues * Issue - 50374 dsdim posixgroup create fails with ERROR * Ticket 50251 - clear text passwords visable in CLI verbose mode logging * Ticket 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients * Issue:48851 - investigate and port TET matching rules filter tests * Issue 50220 - attr_encryption test suite failing * Ticket 50370 - CleanAllRUV task crashing during server shutdown * Ticket 50340 cont - structs for disabled plugins will not be freed * Fix missing import * Issue 50164 - Add test for dscreate to basic test suite * Ticket 50363 - ds-replcheck incorrectly reports error out of order multi-valued attributes * Issue 49730 - MozLDAP bindings have been unsupported for a while * Issue #50353 - Categorize tests by tiers * Issue 50303 - Add creation date to task data * Issue: 50358 - Create a Bitwise Plugin class in plugins.py * Remove the nss3 path prefix from the cert.h C preprocessor source file inclusion * Ticket 50329 - revert fix * Issue: 50112 - Port ACI test suit from TET to python3(keyaci) * Ticket 50344 - tidy rpm vs build systemd flag handling * Issue #50067 - Fix krb5 dependency in a specfile * Ticket 50340 - structs for diabled plugins will not be freed * Ticket 50327 - Add replication conflict support to UI * Ticket 50327 - Add replication conflict entry support to lib389/CLI * Ticket 50329 - improve connection default parameters * Issue: 50313 - Add a NestedRole type to lib389 * Issue:50112 - Port ACI test suit from TET to python3(Delete and Add) * Ticket 49390, 50019 - support cn=config compare operations * Issue 50041 - Add the rest UI Plugin tabs - Part 1 * Ticket 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS * Ticket 49990 - Increase the default FD limits * Ticket 50306 - (cont typo) Move connection config inside struct * Ticket 50291 - Add monitor tab functionality to Cockpit UI * Fix cockpit console AppStream data * Ticket 50317 - fix ds-backtrace issue on latest gdb * Ticket 50305 - Revise CleanAllRUV task restart process * Fix typo from: Issue 49915 - Add regression test * Issue 50026 - Audit log does not capture the operation where nsslapd-lookthroughlimit is modified * Ticket 49899 - fix pin.txt and pwdfile permissions * Issue 49915 - Add regression test * Ticket 50303 - Add task creation date to task data * Ticket 50306 - Move connection config inside struct * Ticket 50240 - Improve task logging * Issue 50032 - Fix deprecation warnings in tests * Ticket 50310 - fix sasl header include * Ticket 49390 - improve compare and cn=config compare tests - fix permissions handling (boo#1120189) - Update to version 1.4.1.2~git0.9a126614a: * Removes sysconfig from RPM as we no longer create it to detect instance existance or settings. Older installs will still have their sysconfig parsed, but new installs should use systemd environment variables. * Bump version to 1.4.1.2 * Ticket 50308 - Revise memory leak fix * Ticket 50308 - Fix memory leaks for repeat binds and replication * Use PKG_CHECK_MODULES to detect the systemd library * Use PKG_CHECK_MODULES to detect the kerberos library * Use pkg-config from the host system to better support cross-compiling * Use PKG_CHECK_MODULES to detect the libsasl2 library * configure.ac: Add missing comma to an AC_ARG_ENABLE macro * configure.ac: Remove unpaired parentheses from two help strings * m4/doxygen.m4: Fix spelling of Doxygen in a message * Use PKG_CHECK_MODULES to detect the pcre library * Use PKG_CHECK_MODULES to detect the cmocka library * Use PKG_CHECK_MODULES to detect the nss library * Use PKG_CHECK_MODULES to detect the nspr library * Use PKG_CHECK_MODULES to detect the event library * Ticket 49873 - (cont 3rd) cleanup debug log * Ticket 49873 - (cont 2nd) Contention on virtual attribute lookup * Issue 50292 - Fix Plugin CLI and UI issues * Issue:50112 - Port ACI test suit from TET to python3(misc and syntax) * Ticket 50289 - Fix various database UI issues * Ticket 49463 After cleanALLruv, replication is looping on keep alive DEL * Ticket 50300 - Fix memory leak in automember plugin * Ticket 50265: the warning about skew time could last forever * Ticket 50260 - Invalid cache flushing improvements * Ticket 49561 - MEP plugin, upon direct op failure, will delete twice the same managed entry * Ticket 50077 - Do not automatically turn automember postop modifies on * Ticket 50282 - OPERATIONS ERROR when trying to delete a group with automember members * Ticket 49715 - extend account functionality * Ticket 49873: (cont) Contention on virtual attribute lookup * Ticket 50260 - backend txn plugins can corrupt entry cache * Ticket 50255 - Port password policy test to use DSLdapObject * Ticket 49667 - 49668 - remove old spec files * Issue 50276 - 389-ds-console is not built on RHEL8 if cockpit_dist is already present * Issue: 50112 - Port ACI test suit from TET to python3(Search) * Ticket 50259 - implement dn construction test * Ticket 50273 - reduce default replicaton agmt timeout * Ticket 50208 - lib389- Fix issue with list all instances * Issue: 50112 - Port ACI test suit from TET to python3(Global Group) * Issue 50041 - Add CLI functionality for special plugins * Issue 50263 - LDAPS port not listening after installation * Ticket 49575 - Indicate autosize value errors and corrective actions * Ticket 50137 - create should not check in non-stateful mode for exist * Ticket 49655 - remove doap file * Issue 50197 - Fix dscreate regression * Ticket 50234 - one level search returns not matching entry * Ticket 50257 - lib389 - password policy user vs subtree checks are broken * Issue: 50253 - Making an nsManagedRoleDefinition type in src/lib389/lib389/idm/nsrole.py * Issue 49029 - [RFE] improve internal operations logging * Ticket 50230 - improve ioerror msg when not root/dirsrv * Issue 50246 - Fix the regression in old control tools * Ticket 50197 - Container integration part 2 * Ticket 50197 - Container init tools * Ticket 50232 - export creates not importable ldif file * Ticket 50215 - UI - implement Database Tab in reachJS * Ticket 50243 - refint modrdn stress test * Ticket 50238 - Failed modrdn can corrupt entry cache * Ticket 50236 - memberOf should be more robust * Ticket 50213 - fix list instance issue * Issue: 50219 - Add generic filter to DSLdapObjects * Issue: 50227 - Making an cosClassicDefinition type in src/lib389/lib389/cos.py * Issue: 50112 - Port ACI test suit from TET to python3(modify) * Ticket 50224 - warnings on deprecated API usage * Issue:50112 - Port ACI test suit from TET to python3(valueaci) * Issue: 50112 Port ACI test suit from TET to python3(Aci Atter) * Ticket 50208 - make instances mark off based on dse.ldif not sysconfig * Issue: 50170 - composable object types for nsRole in lib389 * Ticket 50199 - disable perl by default * Issue:50211 - Making an actual Anonymous type in lib389/idm/account.py * Ticket 50155 - password history check has no way to just check the current password * Ticket 49873 - Contention on virtual attribute lookup * Ticket 50197 - Container integration improvements * Ticket 50195 - improve selinux error messages in interactive * Ticket 49658 - In replicated topology a single-valued attribute can diverge * Ticket 50111: Use pkg-config to detect icu * Ticket 50165 - Fix issues with dscreate * Ticket 50177 - import task should not be deleted too rapidely after import finishes to be able to query the status * Ticket 50140 - Use high ports in container installs * Ticket 50184 - Add cli tool parity to dsconf/dsctl * Ticket 50159 - sssd and config display - Remove a pair of %if..%endif guards that do not affect the build. - Updates to 389-ds.spec - Make lib389 a requirement of 389-ds installs - Disable shell script wrappers that have be replaced by dsctl/dsconf - Disable perl in spec file build. For replacement tools see: http://www.port389.org/docs/389ds/FAQ/legacy-command-changes.html - Remove patches that have been merged by upstream - Removed: 0001-init_fhs.patch - merged by upstream - Removed: 0002-use-python2-for-selinux-detection.patch - merged by upstream - Removed: drop-caps.patch - merged by upstream - Commented requires and recommendes in 389-ds.spec - cyrus-sasl-plain added as a requirement as it is the only plaintext or start TLS secure method for password auth (LDAPS is always secure) - cyrus-sasl-gssapi moved to recommends as it is not always required - cyrus-sasl-digestmd5 moved to recommends, as it is insecure and not always required - openldap2-client moved to recommends on lib389 as a supplement to ldap command line tools that we provide, but not necessary - python3-selinux and python3-policycoreutils moved to recommends as they are not required, and only give "nice to have" features during install of an instance - Update to version 1.4.1.1~git0.af9bb7206: * Bump version to 1.4.1.1 * Ticket 50151 - lib389 support cli add/replace/delete on objects * Issue 50041 - CLI and WebUI - Add memberOf plugin functionality * Bump version to 1.4.1.0 * Ticket 50125 - perl fix ups for tmpfiles * Ticket 50164 - Add test for dscreate * Fix for ticket 50059: If an object is nsds5replica, it must be cn=replica * Ticket 50169 - lib389 changed hardcoded systemctl path * Ticket 50165 - Fix dscreate issues * Issue 50152 - Replace os.getenv('HOME') with os.path.expanduser * Fix compiler warning in snmp main() * Ticket - Fix compiler warning in init.c * Ticket 49540 - FIx compiler warning in ldif2ldbm * Ticket 50169 - lib389 changed hardcoded systemctl path * Ticket 50165 - Fix dscreate issues * Issue 50152 - Replace os.getenv('HOME') with os.path.expanduser * Ticket 49540 - FIx compiler warning in ldif2ldbm * Ticket 50077 - Fix compiler warnings in automember rebuild task * Ticket 49972 - use-after-free in case of several parallel krb * authentication * Ticket 50161 - Fixed some descriptions in "dsconf backend --help" * Ticket 50153 - Increase default max logs * Ticket 50123 - with_tmpfiles_d is associated to systemd * Ticket 49984 - python installer add option to create suffix entry * Ticket 49984 - python installer add option to create suffix entry * Ticket 50077 - RFE - improve automember plugin to work with * modify ops * Ticket 50136 - Allow resetting passwords on the CLI * Ticket 49994 - Adjust dsconf backend usage * Ticket 50138 - db2bak.pl -P LDAPS does not work when * nsslapd-securePort is missing * Ticket 50122 - Fix incorrect path spec * Issue 50145 - Add a verbose option to the backup tools * Ticket 50056 - dsctl db2ldif throws an exception * Ticket 50078 - cannot add cenotaph in read only consumer * Ticket 50126 - Incorrect usage of sudo in test * Issue 50130 - Building RPMs on RHEL8 fails * Ticket 50134 - fixup-memberof.pl does not respect protocol requested * Issue 50122 - Selinux test for presence * Issue 50101 - Port fourwaymmr Test TET suit to python3 * Issue 50091 - shadowWarning is not generated if passwordWarning * is lower than 86400 seconds (1 day). * Ticket 50128 - NS Stress fails without ipv6 * Issue 49618 - Set nsslapd-cachememsize to custom value * Ticket 50117 - after certain failed import operation, impossible * to replay an import operation * Ticket 49999 - rpm.mk dist-bz2 should clean cockpit_dist first * Issue 48064 - Fix various issues in disk monitoring test suite * Issue 49938 - lib389 - Clean up CLI logging * Issue 49761 - Fix CI test suite issues * Ticket 50056 - Fix UI bugs (part 2) * Issue: 48064 - CI test - disk_monitoring * Ticket 50099 - extend error messages * Ticket 50099 - In FIPS mode, the server can select an unsupported * password storage scheme * Issue 50041 - Add basic plugin UI/CLI wrappers * Issue 50082 - Port state test suite * Ticket 49574 - remove index subsystem * Issue 49588 - Add py3 support for tickets : part-5 * Ticket 50095 - cleanup deprecated key.h includes - use lib389 on 15.0 and up. now that we do not hardrequire the python selinux bindings anymore ------------------------------------------------------------------- Fri Aug 9 02:15:50 UTC 2019 - William Brown <william.brown@suse.com> - Update specfile to be inline with the OpenSUSE spec file * include future-configurations in the spec which are not active until 15.2 * lib389 (upstream requirement from 1.4.0) * rust (upstream requirement from 1.4.2) * removal of perl (upstream has not supported perl in any 1.4.x release) * resolve missing svrcore obsoletes statement and pkg configuration (bsc#1144797) ------------------------------------------------------------------- Thu Aug 01 04:19:39 UTC 2019 - 389-ds-maintainer@suse.de - Update to version 1.4.0.26~git0.8a2d3de6f: * Bump version to 1.4.0.26 * Issue 50499 - Fix audit issues and remove jquery from the whitelist * Issue 50355 - SSL version min and max not correctly applied * Issue 50325 - Add Security tab to UI * Issue 50177 - Add a new CI test case, also added fixes in lib389 * Bump version to 1.4.0.25 * Issue 50431 - Fix regression from coverity fix * Bump version to 389-ds-base-1.4.0.24 * Fix cherry-pick error from last commit * Issue 50052 - Fix rpm.mk according to audit-ci change * Issue 50276 - 389-ds-console is not built on RHEL8 if cockpit_dist is already present * Issue 50041 - Add the rest UI Plugin tabs - Part 1 * Ticket 50217 - Implement dsconf security section * Issue 49602 - Revise replication status messages * Issue 50431 - Fix regression from coverity fix * Ticket 50431 - Fix covscan warnings * Issue 50426 - nsSSL3Ciphers is limited to 1024 characters * Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request" * Ticket 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to TLS * Ticket 50413 - ds-replcheck - Always display the Result Summary * Ticket 50355 - NSS can change the requested SSL min and max versions * Bump version to 1.4.0.23 * Issue 50041 - Add the rest UI Plugin tabs - Part 2 * Ticket 50340 - 2nd try - structs for diabled plugins will not be freed * Ticket 50393 - maxlogsperdir accepting negative values * Ticket 50396 - Crash in PAM plugin when user does not exist * Issue 50390 - Add Managed Entries Plug-in Config Entry schema * Ticket 50251 - clear text passwords visable in CLI verbose mode logging * Ticket 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients * Ticket 50370 - CleanAllRUV task crashing during server shutdown * Ticket 50340 cont - structs for disabled plugins will not be freed * Ticket 50363 - ds-replcheck incorrectly reports error out of order multi-valued attributes * Ticket 50329 - revert fix * Ticket 50340 - structs for diabled plugins will not be freed * Ticket 50327 - Add replication conflict support to UI * Ticket 50327 - Add replication conflict entry support to lib389/CLI * Ticket 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS * Ticket 49990 - Increase the default FD limits * Ticket 50291 - Add monitor tab functionality to Cockpit UI * Fix cockpit console AppStream data * Ticket 50305 - Revise CleanAllRUV task restart process * Ticket 50303 - Add task creation date to task data * Ticket 50240 - Improve task logging ------------------------------------------------------------------- Tue Apr 16 01:19:05 UTC 2019 - 389-ds-maintainer@suse.de - Update to version 1.4.0.22~git0.9d84a40dd: * Bump version to 1.4.0.22 which resolves: * (bsc#1120189) * (bsc#991201, CVE-2016-5416) * (bsc#1083689, CVE-2018-1054) * (bsc#1092187, CVE-2018-1089) * (bsc#1099465, CVE-2018-10871) * (bsc#1108674, CVE-2018-14638) * (bsc#1109609, CVE-2018-14648) * (bsc#1132385, CVE-2019-3883) * (bsc#1105606, CVE-2018-10935) * Ticket 50308 - Revise memory leak fix * Ticket 50308 - Fix memory leaks for repeat binds and replication * Ticket 49873 - (cont 3rd) cleanup debug log * Ticket 49873 - (cont 2nd) Contention on virtual attribute lookup * Issue 50292 - Fix Plugin CLI and UI issues * Ticket 50289 - Fix various database UI issues * Ticket 50300 - Fix memory leak in automember plugin * Ticket 50265: the warning about skew time could last forever * Ticket 50260 - Invalid cache flushing improvements * Remove obsolete patch 0001-init_fhs.patch * Remove obsolete patch 0002-use-python2-for-selinux-detection.patch * Remove obsolete patch 0003-fix-rm-non-existent-man-pages.patch * Remove obsolete patch simplify-lib389-setup-py.patch * Remove obsolete patch tw.patch * Remove obsolete patch 0006-under-network-load-ps-can-decrease-connection-refcnt.patch * Remove obsolete patch 0007-fix-remote-dos-via-search-filters-in-slapi_filter_sprintf.patch * Remove obsolete patch 0008-invalid-password-migration-causes-unauth-bind.patch * Remove obsolete patch 0009-ldapsearch-with-server-side-sort-crashes-the-server.patch * Remove obsolete patch 0010-Log-buffer-exceeded-emergency-logging-msg-is-not-thread-safe.patch ------------------------------------------------------------------- Tue Sep 11 12:47:02 UTC 2018 - varkoly@suse.com - Introduce patch: 0010-Log-buffer-exceeded-emergency-logging-msg-is-not-thread-safe.patch to fix the issue "389-ds: Server crash through modify command with large DN" (bsc#1106699, CVE-2018-14624) ------------------------------------------------------------------- Wed Aug 22 13:26:15 UTC 2018 - varkoly@suse.com - Introduce patch: 0009-ldapsearch-with-server-side-sort-crashes-the-server.patch to fix the issue that ldapsearch with server side sort allows users to cause a crash (bsc#1105606, CVE-2018-10935) ------------------------------------------------------------------- Tue Jul 31 14:36:51 UTC 2018 - dakechi@suse.com - Introduce patches: * 0006-under-network-load-ps-can-decrease-connection-refcnt.patch to fix the race condition on reference counter (bsc#1096368, CVE-2018-10850) * 0007-fix-remote-dos-via-search-filters-in-slapi_filter_sprintf.patch (bsc#1076530, CVE-2017-15134) * 0008-invalid-password-migration-causes-unauth-bind.patch (bsc#1076530, CVE-2017-15135) ------------------------------------------------------------------- Mon Feb 19 13:01:04 UTC 2018 - hguo@suse.com - Explicitly generate dirsrv sysconfig file as it is necessary for SLES 15 (bsc#1081324). ------------------------------------------------------------------- Fri Feb 2 01:31:25 UTC 2018 - mrueckert@suse.de - switch lib389 to use the python3-ldap subpackage ------------------------------------------------------------------- Wed Jan 31 13:28:21 UTC 2018 - hguo@suse.com - For SLES 15 schedule, do not build lib389 programmable extension for now. ------------------------------------------------------------------- Wed Jan 31 11:13:17 UTC 2018 - dimstar@opensuse.org - BuildRequire python3-ldap instead of python3-pyldap: pyldap is deprecated in favor of python-ldap. ------------------------------------------------------------------- Tue Jan 30 14:19:15 UTC 2018 - hguo@suse.com - Rename dependency package python-pyldap into python3-pyldap. ------------------------------------------------------------------- Mon Jan 29 15:20:10 UTC 2018 - hguo@suse.com - Correct name to dependency package "python-pyldap". ------------------------------------------------------------------- Thu Jan 25 15:09:41 UTC 2018 - hguo@suse.com - Introduce patch 0003-fix-rm-non-existent-man-pages.patch to remove a faulty rm statement from makefile. ------------------------------------------------------------------- Sun Jan 14 02:59:15 UTC 2018 - mrueckert@suse.de - add tw.patch to fix potential buffer overflow ------------------------------------------------------------------- Tue Dec 5 14:45:57 UTC 2017 - rbrown@suse.com - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) ------------------------------------------------------------------- Mon Nov 20 22:34:46 UTC 2017 - mrueckert@suse.de - added simplify-lib389-setup-py.patch seems the python3 setuptools on leap 42.3 do not like this fancy syntax. kill it and always use the python 3 way. ------------------------------------------------------------------- Mon Nov 20 22:15:45 UTC 2017 - mrueckert@suse.de - update to 1.4.0.3 - Ticket 49457 - Fix spal_meminfo_get function prototype - Ticket 49455 - Add tests to monitor test suit. - Ticket 49448 - dynamic default pw scheme based on environment. - Ticket 49298 - fix complier warn - Ticket 49298 - Correct error codes with config restore. - Ticket 49454 - SSL Client Authentication breaks in FIPS mode - Ticket 49453 - passwd.py to use pwdhash defaults. - Ticket 49427 - whitespace in fedse.c - Ticket 49410 - opened connection can remain no longer poll, like hanging - Ticket 48118 - fix compiler warning for incorrect return type - Ticket 49451 - Add environment markers to lib389 dependencies - Ticket 49325 - Proof of concept rust tqueue in sds - Ticket 49443 - scope one searches in 1.3.7 give incorrect results - Ticket 48118 - At startup, changelog can be erronously rebuilt after a normal shutdown - Ticket 49412 - SIGSEV when setting invalid changelog config value - Ticket 49441 - Import crashes - oneline fix - Ticket 49377 - Incoming BER too large with TLS on plain port - Ticket 49441 - Import crashes with large indexed binary attributes - Ticket 49435 - Fix NS race condition on loaded test systems - Ticket 77 - lib389 - Refactor docstrings in rST format - part 2 - Ticket 17 - lib389 - dsremove support - Ticket 3 - lib389 - python 3 compat for paged results test - Ticket 3 - lib389 - Python 3 support for memberof plugin test suit - Ticket 3 - lib389 - config test - Ticket 3 - lib389 - python 3 support ds_logs tests - Ticket 3 - lib389 - python 3 support for betxn test ------------------------------------------------------------------- Sat Nov 11 00:53:42 UTC 2017 - mrueckert@suse.de - we actually need pyldap ------------------------------------------------------------------- Fri Nov 10 23:50:29 UTC 2017 - mrueckert@suse.de - lib389 is merged into this tarball now. move the subpackage here. ------------------------------------------------------------------- Fri Nov 10 22:45:23 UTC 2017 - mrueckert@suse.de - update to 1.4.0.2 - Ticket 48393 - fix copy and paste error - Ticket 49439 - cleanallruv is not logging information - Ticket 48393 - Improve replication config validation - Ticket lib389 3 - Python 3 support for ACL test suite - Ticket 103 - sysconfig not found - Ticket 49436 - double free in COS in some conditions - Ticket 48007 - CI test to test changelog trimming interval - Ticket 49424 - Resolve csiphash alignment issues - Ticket lib389 3 - Python 3 support for pwdPolicy_controls_test.py - Ticket 3 - python 3 support - filter test - Ticket 49434 - RPM build errors - Ticket 49432 - filter optimise crash - Ticket 49432 - Add complex fliter CI test - Ticket 48894 - harden valueset_array_to_sorted_quick valueset access - Ticket 49401 - Fix compiler incompatible-pointer-types warnings - Ticket 48681 - Use of uninitialized value in string ne at /usr/bin/logconv.pl - Ticket 49409 - Update lib389 requirements - Ticket 49401 - improve valueset sorted performance on delete - Ticket 49374 - server fails to start because maxdisksize is recognized incorrectly - Ticket 49408 - Server allows to set any nsds5replicaid in the existing replica entry - Ticket 49407 - status-dirsrv shows ellipsed lines - Ticket 48681 - Use of uninitialized value in string ne at /usr/bin/logconv.pl - Ticket 49386 - Memberof should be ignore MODRDN when the pre/post entry are identical - Ticket 48006 - Missing warning for invalid replica backoff configuration - Ticket 49064 - testcase hardening - Ticket 49064 - RFE allow to enable MemberOf plugin in dedicated consumer - Ticket lib389 3 - python 3 support - Ticket 49402 - Adding a database entry with the same database name that was deleted hangs server at shutdown - Ticket 48235 - remove memberof lock (cherry-pick error) - Ticket 49394 - build warning - Ticket 49381 - Refactor numerous suite docstrings - Part 2 - Ticket 49394 - slapi_pblock_get may leave unchanged the provided variable - Ticket 49403 - tidy ns logging - Ticket 49381 - Refactor filter test suite docstrings - Ticket 48235 - Remove memberOf global lock - Ticket 103 - Make sysconfig where it is expected to exist - Ticket 49400 - Add clang support to rpm builds - Ticket 49381 - Refactor ACL test suite docstrings - Ticket 49363 - Merge lib389 - Ticket 101 - BaseException.message has been deprecated in Python3 - Ticket 102 - referral support - Ticket 99 - Fix typo in create_topology - Ticket #98 - Fix dbscan output - Ticket #77 - Fix changelogdb param issue - Ticket #77 - Refactor docstrings in rST format - part 1 - Ticket 96 - Change binaries’ names - Ticket 77 - Add sphinx documentation - Ticket 43 - Add support for Referential Integrity plugin - Ticket 45 - Add support for Rootdn Access Control plugin - Ticket 46 - dsconf support for dynamic schema reload - Ticket 74 - Advice users to set referint-update-delay to 0 - Ticket 92 - display_attr() should return str not bytes in py3 - Ticket 93 - Fix test cases in ctl_dbtasks_test.py - Ticket 88 - python install and remove for tests - Ticket 85 - Remove legacy replication attribute - Ticket 91 - Fix replication topology - Ticket 89 - Fix inconsistency with serverid - Ticket 79 - Fix replica.py and add tests - Ticket 86 - add build dir to gitignore - Ticket 83 - Add an util for generating instance parameters - Ticket 87 - Update accesslog regec for HR etimes - Ticket 49 - Add support for whoami plugin - Ticket 48 - Add support for USN plugin - Ticket 78 - Add exists() method to DSLdapObject - Ticket 31 - Allow complete removal of some memberOf attrs - Ticket31 - Add memberOf fix-up task - Ticket 67 - Add ensure_int function - Ticket 59 - lib389 support for index management. - Ticket 67 - get attr by type - Ticket 70 - Improve repl tools - Ticket 50 - typo in db2* in dsctl - Ticket 31 - Add status command and SkipNested support for MemberOf - Ticket 31 - Add functional tests for MemberOf plugin - Ticket 66 - expand healthcheck for Directory Server - Ticket 69 - add specfile requires - Ticket 31 - Initial MemberOf plugin support - Ticket 50 - Add db2* tasks to dsctl - Ticket 65 - Add m2c2 topology - Ticket 63 - part 2, agreement test - Ticket 63 - lib389 python 3 fix - Ticket 62 - dirsrv offline log - Ticket 60 - add dsrc to dsconf and dsidm - Ticket 32 - Add TLS external bind support for testing - Ticket 27 - Fix get function in tests - Ticket 28 - userAccount for older versions without nsmemberof - Ticket 27 - Improve dseldif API - Ticket 30 - Add initial support for account lock and unlock. - Ticket 29 - fix incorrect format in tools - Ticket 28 - Change default objectClasses for users and groups - Ticket 1 - Fix missing dn / rdn on config. - Ticket 27 - Add a module for working with dse.ldif file - Ticket 1 - cn=config comparison - Ticket 21 - Missing serverid in dirsrv_test due to incorrect allocation - Ticket 26 - improve lib389 sasl support - Ticket 24 - Join paths using os.path.join instead of string concatenation - Ticket 25 - Fix RUV repr function - Ticket 23 - Use DirSrv.exists() instead of manually checking for instance’s existence - Ticket 1 - cn=config comparison - Ticket 22 - Specify a basedn parameter for IDM modules - Ticket 19 - missing readme.md in python3 - Ticket 20 - Use the DN_DM constant instead of hard coding its value - Ticket 19 - Missing file and improve make - Ticket 14 - Remane dsadm to dsctl - Ticket 16 - Reset InstScriptsEnabled argument during the init - Ticket 14 - Remane dsadm to dsctl - Ticket 13 - Add init function to create new domain entries - Ticket 15 - Improve instance configuration ability - Ticket 10 - Improve command line tool arguments - Ticket 9 - Convert readme to MD - Ticket 7 - Add pause and resume methods to topology fixtures - Ticket 49172 - Allow lib389 to read system schema and instance - Ticket 49172 - Allow lib389 to read system schema and instance - Ticket 6 - Bump lib389 version 1.0.4 - Ticket 5 - Fix container build on fedora - Ticket 4 - Cert detection breaks some tests - Ticket 49137 - Add sasl plain tests, lib389 support - Ticket 2 - pytest mark with version relies on root - Ticket 49126 - DIT management tool - Ticket 49101 - Python 2 generate example entries - Ticket 49103 - python 2 support for installer - Ticket 47747 - Add topology_i2 and topology_i3 - Ticket 49087 - lib389 resolve jenkins issues - Ticket 48413 - Improvements to lib389 for rest - Ticket 49083 - Support prefix for discovery of the defaults.inf file. - Ticket 49055 - Fix debugging mode issue - Ticket 49060 - Increase number of masters, hubs and consumers in topology - Ticket 47747 - Add more topology fixtures - Ticket 47840 - Add InstScriptsEnabled argument - Ticket 47747 - Add topology fixtures module - Ticket 48707 - Implement draft-wibrown-ldapssotoken-01 - Ticket 49022 - Lib389, py3 installer cannot create entries in backend - Ticket 49024 - Fix paths to the dbdir parent - Ticket 49024 - Fix db_dir paths - Ticket 49024 - Fix paths in tools module - Ticket 48961 - Fix lib389 minor issues shown by 48961 test - Ticket 49010 - Lib389 fails to start with systemctl changes - Ticket 49007 - lib389 fixes for paths to use online values - Ticket 49005 - Update lib389 to work in containers correctly. - Ticket 48991 - Fix lib389 spec for python2 and python3 - Ticket 48984 - Add lib389 paths module - Ticket 48951 - dsadm dsconfig status and plugin - Ticket 47957 - Update the replication “idle” status string - Ticket 48951 - dsadm and dsconf base files - Ticket 48952 - Restart command needs a sleep - Ticket 48949 - Fix ups for style and correctness - Ticket 48949 - added copying slapd-collations.conf - Ticket 48949 - change default file path generation - use os.path.join - Ticket 48949 - os.makedirs() exist_ok not python2 compatible, added try/except - Ticket 48949 - configparser fallback not python2 compatible - Ticket 48946 - openConnection should not fully popluate DirSrv object - Ticket 48832 - Add DirSrvTools.getLocalhost() function - Ticket 48382 - Fix serverCmd to get sbin dir properly - Bug 1347760 - Information disclosure via repeated use of LDAP ADD operation, etc. - Ticket 48937 - Cleanup valgrind wrapper script - Ticket 48923 - Fix additional issue with serverCmd - Ticket 48923 - serverCmd timeout not working as expected - Ticket 48917 - Attribute presence - Ticket 48911 - Plugin improvements for lib389 - Ticket 48911 - Improve plugin support based on new mapped objects - Ticket 48910 - Fixes for backend tests and lib389 reliability. - Ticket 48860 - Add replication tools - Ticket 48888 - Correction to create of dsldapobject - Ticket 48886 - Fix NSS SSL library in lib389 - Ticket 48885 - Fix spec file requires - Ticket 48884 - Bugfixes for mapped object and new connections - Ticket 48878 - better style for backend in backend_test.py - Ticket 48878 - pep8 fixes part 2 - Ticket 48878 - pep8 fixes and fix rpm to build - Ticket 48853 - Prerelease installer - Ticket 48820 - Begin to test compatability with py.test3, and the new orm - Ticket 48434 - Fix for negative tz offsets - Ticket 48857 - Remove python-krbV from lib389 - Ticket 48820 - Fix tests to ensure they work with the new object types - Ticket 48820 - Move Encryption and RSA to the new object types - Ticket 48820 - Proof of concept of orm style mapping of configs and objects - Ticket 48820 - Clitool rename - Ticket 48431 - lib389 integrate ldclt - Ticket 48434 - lib389 logging tools - Ticket 48796 - add function to remove logs - Ticket 48771 - lib389 - get ns-slapd version - Ticket 48830 - Convert lib389 to ip route tools - Ticket 48763 - backup should run regardless of existing backups. - Ticket 48434 - lib389 logging tools - Ticket 48798 - EL6 compat for lib389 tests for DH params - Ticket 48798 - lib389 add ability to create nss ca and certificate - Ticket 48433 - Aci linting tools - Ticket 48791 - format args in server tools - Ticket 48399 - Helper makefile is missing mkdir dist - Ticket 48399 - Helper makefile is missing mkdir dist - Ticket 48794 - lib389 build requires are on a single line - Ticket 48660 - Add function to convert binary values in an entry to base64 - Ticket 48764 - Fix mit krb password to be random. - Ticket 48765 - Change default ports for standalone topology - Ticket 48750 - Clean up logging to improve command experience - Ticket 48751 - Improve lib389 ldapi support - Ticket 48399 - Add helper makefile to lib389 to build and install - Ticket 48661 - Agreement test suite fails at the test_changes case - Ticket 48407 - Add test coverage module for lib389 repo - Ticket 48357 - clitools should standarise their args - Ticket 48560 - Make verbose handling consistent - Ticket 48419 - getadminport() should not a be a static method - Ticket 48408 - RFE escaped default suffix for tests - Ticket 48401 - Revert typecheck - Ticket 48401 - lib389 Entry hasAttr returs dict instead of false - Ticket 48390 - RFE Improvements to lib389 monitor features for rest389 - Ticket 48358 - Add new spec file - Ticket 48371 - weaker host check on localhost.localdomain - Ticket 58358 - Update spec file with pre-release versioning - Ticket 48358 - Make Fedora packaging changes to the spec file - Ticket 48358 - Prepare lib389 for Fedora Packaging - Ticket 48364 - Fix test failures - Ticket 48360 - Refactor the delete agreement function - Ticket 48361 - Expand 389ds monitoring capabilities - Ticket 48246 - Adding license/copyright to lib389 files - Ticket 48340 - Add basic monitor support to lib389 https://fedorahosted.org/389/ticket/48340 - Ticket 48353 - Add Replication REST support to lib389 - Ticket 47840 - Fix regression - Ticket 48343 - lib389 krb5 realm management https://fedorahosted.org/389/ticket/48343 - Ticket 47840 - fix lib389 to use sbin scripts https://fedorahosted.org/389/ticket/47840 - Ticket 48335 - Add SASL support to lib389 - Ticket 48329 - Fix case-senstive scyheam comparisions - Ticket 48303 - Fix lib389 broken tests - Ticket 48329 - add matching rule functions to schema module - Ticket 48324 - fix boolean capitalisation (one line) https://fedorahosted.org/389/ticket/48324 - Ticket 48321 - Improve is_a_dn check to prevent mistakes with lib389 auth https://fedorahosted.org/389/ticket/48321 - Ticket 48322 - Allow reindex function to reindex all attributes - Ticket 48319 - Fix ldap.LDAPError exception processing - Ticket 48318 - Do not delete a changelog while disabling a replication by suffix - Ticket 48308 - Add eq and ne to Entry to allow fast comparison https://fedorahosted.org/389/ticket/48308 - Ticket 48303 - Fix lib389 broken tests - backend_test - Ticket 48309 - Fix lib389 lib imports - Ticket 48303 - Fix lib389 broken tests - agreement_test - Ticket 48303 - Fix lib389 broken tests - aci_parse_test - Ticket 48301 - add tox support - Ticket 48204 - update lib389 for python3 - Ticket 48273 - Improve valgrind functions - Ticket 48271 - Fix for self.prefix being none when SER_DEPLOYED_DIR is none https://fedorahosted.org/389/ticket/48271 - Ticket 48259 - Add aci parsing utilities to lib389 - Ticket 48252 - (lib389) adding get_bin_dir and dbscan - Ticket 48247 - Change the default user to ‘dirsrv’ - Ticket 47848 - Add new function to create ldif files - Ticket 48239 - Fix for prefix allocation of un-initialised dirsrv objects - Ticket 48237 - Add lib389 helper to enable and disable logging services. - Ticket 48236 - Add get effective rights helper to lib389 - Ticket 48238 - Add objectclass and attribute type query mechanisms - Ticket 48029 - Add missing replication related functions - Ticket 48028 - add valgrind wrapper for ns-slapd - Ticket 48028 - lib389 - add valgrind functions - Ticket 48022 - lib389 - Add all the server tasks - Ticket 48023 - create function to test replication between servers - Ticket 48020 - lib389 - need to reset args_instance with every DirSrv init - Ticket 48000 - Repl agmts need more time to stop - Ticket 48004 - Fix various issues - Ticket 48000 - replica agreement pause/resume should have a short sleep - Ticket 47990 - Add check for “.removed” instances when doing an upgrade - Ticket 47990 - Add “upgrade” function to lib389 - Ticket 47691 - using lib389 with RPMs - Ticket 47848 - Add support for setuptools. - Ticket 47855 - Add function to clear tmp directory - Ticket 47851 - Need to retrieve tmp directory path - Ticket 47845 - add stripcsn option to tombstone fixup task - Ticket 47851 - Add function to retrieve dirsrvtests data directory - Ticket 47845 - Add backup/restore/fixup tombstone tasks to lib389 - Ticket 47819 - Add the new precise tombstone purging config attribute - Ticket 47695 - Add plugins/tasks/Index - Ticket 47648 - lib389 - add schema classes, methods - Ticket 47671 - CI lib389: allow to open a DirSrv without having to create the instance - Ticket 47600 - Replica/Agreement/Changelog not conform to the design - Ticket 47652 - replica add fails: MT.list return a list not an entry - Ticket 47635 - MT/Backend/Suffix to be conform with the design - Ticket 47625 - CI lib389: DirSrv not conform to the design - Ticket 47595 - fail to detect/reinit already existing instance/backup - Ticket 47590 - CI tests: add/split functions around replication - Ticket 47584 - CI tests: add backup/restore of an instance - Ticket 47578 - CI tests: removal of ‘sudo’ and absolute path in lib389 - Ticket 47568 - Rename DSAdmin class - Ticket 47566 - Initial import of DSadmin into 389-test repos ------------------------------------------------------------------- Tue Oct 24 12:35:24 UTC 2017 - jengelh@inai.de - Use openSUSE rpm group classifications. - Remove removal of .a files that do not exist to begin with (because of --disable-static). - Remove double removal of .la files. - Do not suppress errors from useradd. ------------------------------------------------------------------- Wed Oct 18 20:57:17 UTC 2017 - mrueckert@suse.de - update to 1.4.0.1 - Ticket 49038 - remove legacy replication - change cleanup script precedence - Ticket 49392 - memavailable not available - Ticket 49235 - pbkdf2 by default - Ticket 49279 - remove dsktune - Ticket 49372 - filter optimisation improvements for common queries - Ticket 49320 - Activating already active role returns error 16 - Ticket 49389 - unable to retrieve specific cosAttribute when subtree password policy is configured - Ticket 49092 - Add CI test for schema-reload - Ticket 49388 - repl-monitor - matches null string many times in regex - Ticket 49387 - pbkdf2 settings were too aggressive - Ticket 49385 - Fix coverity warnings - Ticket 49305 - Need to wrap atomic calls - Ticket 48973 - Indexing a ExactIA5Match attribute with a IgnoreIA5Match matching rule triggers a warning - Ticket 49378 - server init fails - Ticket 49305 - Need to wrap atomic calls - Ticket 49180 - add CI test - Ticket 49180 - errors log filled with attrlist_replace - attr_replace ------------------------------------------------------------------- Tue Oct 10 16:06:18 UTC 2017 - mrueckert@suse.de - drop 389-ds-reproducible.patch: applied upstream ------------------------------------------------------------------- Fri Sep 29 00:06:42 UTC 2017 - mrueckert@suse.de - move upgrade and restart code to postun ------------------------------------------------------------------- Thu Sep 28 15:40:51 UTC 2017 - mrueckert@suse.de - make sure we stop before uninstall - build require gdb for directory ownership ------------------------------------------------------------------- Wed Sep 27 16:11:29 UTC 2017 - mrueckert@suse.de - sync requires with fedora spec file - build with tcmalloc - add missing requires for things like bind-utils, db-utils - add requires to the devel package - split out the snmp agent - upgrade all databases on update ------------------------------------------------------------------- Wed Sep 27 15:10:25 UTC 2017 - mrueckert@suse.de - update to 1.4.0.0 - Ticket 49327 - Add CI test for password expiration controls - Ticket 48085 - CI tests - replication ruvstore - Ticket 49381 - Refactor numerous suite docstrings - Ticket 48085 - CI tests - replication cl5 - Ticket 49379 - Allowed sasl mapping requires restart - Ticket 49327 - password expired control not sent during grace logins - Ticket 49380 - Add CI test - Ticket 83 - Fix create_test.py imports - Ticket 49381 - Add docstrings to ds_logs, gssapi_repl, betxn - Ticket 49380 - Crash when adding invalid replication agreement - Ticket 48081 - CI test - password - Ticket 49295 - Fix CI tests - Ticket 49295 - Fix CI test for account policy - Ticket 49373 - remove unused header file - changes from 1.3.7.4 - Ticket 49371 - Cleanup update script - Ticket 48831 - Autotune dncache with entry cache. - Ticket 49312 - pwdhash -D used default hash algo - Ticket 49043 - make replication conflicts transparent to clients - Ticket 49371 - Fix rpm build - Ticket 49371 - Template dse.ldif did not contain all needed plugins - Ticket 49295 - Fix CI Tests - Ticket 49050 - make objectclass ldapsubentry effective immediately - changes from 1.3.7.3 - Ticket 49354 - fix regression in total init due to mistake in range fetch - Ticket 49370 - local password policies should use the same defaults as the global policy - Ticket 48989 - Delete slow lib389 test - Ticket 49367 - missing braces in idsktune - Ticket 49364 - incorrect function declaration. - Ticket 49275 - fix tls auth regression - Ticket 49038 - Revise creation of cn=replication,cn=config - Ticket 49368 - Fix typo in log message - Ticket 48059 - Add docstrings to CLU tests - Ticket 47840 - Add docstrings to setup tests - Ticket 49348 - support perlless and wrapperless install ------------------------------------------------------------------- Tue Sep 19 09:39:08 CEST 2017 - kukuk@suse.de - Remove unnecessary ldconfig calls ------------------------------------------------------------------- Wed Aug 30 15:49:42 UTC 2017 - mrueckert@suse.de - update to 1.3.7.2 - Ticket 49038 - Fix regression from legacy code cleanup - Ticket 49295 - Fix CI tests - Ticket 48067 - Add bugzilla tests for ds_logs - Ticket 49356 - mapping tree crash can occur during tot init - Ticket 49275 - fix compiler warns for gcc 7 - Ticket 49248 - Add a docstring to account locking test case - Ticket 49445 - remove dead code - Ticket 48081 - Add regression tests for pwpolicy - Ticket 48056 - Add docstrings to basic test suite - Ticket 49349 - global name ‘imap’ is not defined - Ticket 83 - lib389 - Fix tests and create_test.py - Ticket 48185 - Remove referint-logchanges attr from referint’s config - Ticket 48081 - Add regression tests for pwpolicy - Ticket 83 - lib389 - Replace topology agmt objects - Ticket 49331 - change autoscaling defaults - Ticket 49330 - Improve ndn cache performance. - Ticket 49347 - reproducable build numbers - Ticket 39344 - changelog ldif import fails - Ticket 49337 - Add regression tests for import tests - Ticket 49309 - syntax checking on referint’s delay attr - Ticket 49336 - SECURITY: Locked account provides different return code - Ticket 49332 - Event queue is not working - Ticket 49313 - Change the retrochangelog default cache size - Ticket 49329 - Descriptive error msg for USN cleanup task - Ticket 49328 - Cleanup source code - Ticket 49299 - Add normalized dn cache stats to dbmon.sh - Ticket 49290 - improve idl handling in complex searches - Ticket 49328 - Update clang-format config file - Ticket 49091 - remove usage of changelog semaphore - Ticket 49275 - shadow warnings for gcc7 - pass 1 - Ticket 49316 - fix missing not condition in clock cleanu - Ticket 49038 - Remove legacy replication - Ticket 49287 - v3 extend csnpl handling to multiple backends - Ticket 49310 - remove sds logging in debug builds - Ticket 49031 - Improve memberof with a cache of group parents - Ticket 49316 - Fix clock unsafety in DS - Ticket 48210 - Add IP addr and connid to monitor output - Ticket 49295 - Fix CI tests and compiler warnings - Ticket 49295 - Fix CI tests - Ticket 49305 - Improve atomic behaviours in 389-ds - Ticket 49298 - fix missing header - Ticket 49314 - Add untracked files to the .gitignore - Ticket 49303 - Fix error in CI test - Ticket 49302 - fix dirsrv importst due to lib389 change - Ticket 49303 - Add option to disable TLS client-initiated renegotiation - Ticket 49298 - force sync() on shutdown - Ticket 49306 - make -f rpm.mk rpms produces build without tcmalloc enabled - Ticket 49297 - improve search perf in bpt by removing a deref - Ticket 49284 - resolve crash in memberof when deleting attrs - Ticket 49290 - unindexed range searches don’t provide notes=U - Ticket 49301 - Add one logpipe test case - changes from 1.3.6.8 - Ticket 49356 - mapping tree crash can occur during tot init - changes from 1.3.6.7 - Ticket 49330 - Improve ndn cache performance - Ticket 49298 - fix missing header - Ticket 49298 - force sync() on shutdown - Ticket 49336 - SECURITY: Locked account provides different return code - Ticket 49334 - fix backup restore if changelog exists - Ticket 49313 - Change the retrochangelog default cache size - Fix error log format in add.c - Ticket 49287 - fix compiler warning for patch 49287 - Ticket 49287 - v3 extend csnpl handling to multiple backends - Ticket 49288 - RootDN Access wrong plugin path in template-dse.ldif.in - Ticket 49291 - slapi_search_internal_callback_pb may SIGSEV if related pblock has not operation set - Ticket 49008 - Fix MO plugin betxn test - Ticket 49227 - ldapsearch does not return the expected Error log level - Ticket 49028 - Add autotuning test suite - Ticket 49273 - bak2db doesn’t operate with dbversion - Ticket 49184 - adjust logging level in MO plugin - Ticket 49257 - only register modify callbacks - Ticket 49257 - Update CI script - Ticket 49008 - Adjust CI test for new memberOf behavior - Ticket 49273 - crash when DBVERSION is corrupt. - Ticket 49268 - master branch fails on big endian systems - Ticket 49241 - add symblic link location to db2bak.pl output - Ticket 49257 - Reject nsslapd-cachememsize & nsslapd-cachesize when nsslapd-cache-autosize is set - Ticket 48538 - Failed to delete old semaphore - Ticket 49231 - force EXTERNAL always - Ticket 49267 - autosize split of 0 results in dbcache of 0 ------------------------------------------------------------------- Wed Aug 30 12:29:40 UTC 2017 - bwiedemann@suse.com - Add 389-ds-reproducible.patch not use build date in build num to make build reproducible (boo#1047218) ------------------------------------------------------------------- Tue Aug 15 14:37:47 UTC 2017 - hguo@suse.com - Introduce acl as mandatory runtime dependency. ------------------------------------------------------------------- Tue Aug 8 14:37:00 UTC 2017 - hguo@suse.com - Rename patch 389-ds-base-1.3.2.11_init_fhs.patch -> 0001-init_fhs.patch - Fix faulty python module import with patch 0002-use-python2-for-selinux-detection.patch - Conduct a major clean-up of spec file to remove all outdated macros - Introduce extra schema files from OpenLDAP distribution with extra-schema.tgz and LICENSE.openldap ------------------------------------------------------------------- Sat May 27 08:46:54 UTC 2017 - mrueckert@suse.de - update to 1.3.6.6 - Ticket 49157 - fix error in ds-logpipe.py - Ticket 48864 - remove config.h from spal header. - Ticket 48681 - logconv.pl - Fix SASL Bind stats and rework report format - Ticket 49261 - Fix script usage and man pages - Ticket 49238 - AddressSanitizer: heap-use-after-free in libreplication - Ticket 48864 - Fix FreeIPA build - Ticket 49257 - Reject dbcachesize updates while auto cache sizing is enabled - Ticket 49249 - cos_cache is erroneously logging schema checking failure - Ticket 49258 - Allow nsslapd-cache-autosize to be modified while the server is running - Ticket 49247 - resolve build issues on debian - Ticket 49246 - ns-slapd crashes in role cache creation - Ticket 49157 - ds-logpipe.py crashes for non-existing users - Ticket 49241 - Update man page and usage for db2bak.pl - Ticket 49075 - Adjust logging severity levels - Ticket 47662 - db2index not properly evaluating arguments - Ticket 48989 - fix perf counters - changes from 1.3.6.5 - Ticket 49231 - fix sasl mech handling - Ticket 49233 - Fix crash in persistent search - Ticket 49230 - slapi_register_plugin creates config entry where it should not - Ticket 49135 - PBKDF2 should determine rounds at startup - Ticket 49236 - Fix CI Tests - Ticket 48310 - entry distribution should be case insensitive - Ticket 49224 - without –prefix, $prefixdir would be NONE in defaults. - drop 9563d299.patch: included upstream ------------------------------------------------------------------- Fri May 19 10:32:03 UTC 2017 - mrueckert@suse.de - added 9563d299.patch to fix building slapi-nis and freeipa ------------------------------------------------------------------- Thu May 11 11:01:05 UTC 2017 - jengelh@inai.de - Do not suppress errors from user/group creation. Add some safety quoting here and there. ------------------------------------------------------------------- Thu Apr 27 21:02:04 UTC 2017 - mrueckert@suse.de - update to 1.3.6.4 - Ticket 49228 - Fix SSE4.2 detection. - Ticket 49229 - Correct issues in latest commits - Ticket 49226 - Memory leak in ldap-agent-bin - Ticket 49214 - Implement htree concept - Ticket 49119 - Cleanup configure.ac options and defines - Ticket 49097 - whitespace fixes for pblock change - Ticket 49097 - Pblock get/set cleanup - Ticket 49222 - Resolve various test issues on rawhide - Issue 48978 - Fix the emergency logging functions severity levels - Issue 49227 - ldapsearch for nsslapd-errorlog-level returns incorrect values - Ticket 49041 - nss won’t start if sql db type set - Ticket 49223 - Fix sds queue locking - Issue 49204 - Fix 32bit arch build failures - Issue 49204 - Need to update function declaration - Ticket 49204 - Fix lower bounds on import autosize + On small VM, autotune breaks the access of the suffixes - Issue 49221 - During an upgrade the provided localhost name is ignored - Issue 49220 - Remote crash via crafted LDAP messages (SECURITY FIX) - Ticket 49184 - Overflow in memberof - Ticket 48050 - Add account policy tests to plugins test suite - Ticket 49207 - Supply docker POC build for DS. - Issue 47662 - CLI args get removed - Issue 49210 - Fix regression when checking is password min age should be checked - Ticket 48864 - Add cgroup memory limit detection to 389-ds - Issue 48085 - Expand the repl acceptance test suite - Ticket 49209 - Hang due to omitted replica lock release - Ticket 48864 - Cleanup memory detection before we add cgroup support - Ticket 48864 - Cleanup up broken format macros and imports - Ticket 49153 - Remove vacuum lock on transaction cleanup - Ticket 49200 - provide minimal dse.ldif for python installer - Issue 49205 - Fix logconv.pl man page - Issue 49177 - Fix pkg-config file - Issue 49035 - dbmon.sh shows pages-in-use that exceeds the cache size - Ticket 48432 - Linux capabilities on ns-slapd - Ticket 49196 - Autotune generates crit messages - Ticket 49194 - Lower default ioblock timeout - Ticket 49193 - gcc7 warning fixes - Issue 49039 - password min age should be ignored if password needs to be reset - Ticket 48989 - Re-implement lock counter - Issue 49192 - Deleting suffix can hang server - Issue 49156 - Modify token :assert: to :expectedresults: - Ticket 48989 - missing return in counter - Ticket 48989 - Improve counter overflow fix - Ticket 49190 - Upgrade lfds to 7.1.1 - Ticket 49187 - Fix attribute definition - Ticket 49185 - Fix memleak in compute init ------------------------------------------------------------------- Fri Mar 24 13:42:40 UTC 2017 - mrueckert@suse.de - update to 1.3.6.3 This release contains security and bug fixes and a few enhancements. - Issue 49177 - rpm would not create valid pkgconfig files(pt2) - Issue 49186 - Fix NS to improve shutdown relability - Issue 49174 - nunc-stans can not use negative timeout - Issue 49076 - To debug DB_DEADLOCK condition, allow to reset DB_TXN_NOWAIT flag on txn_begin - Issue 49188 - retrocl can crash server at shutdown - Issue 47840 - Add setup_ds test suite - Fix srvcore version dependancy - Issue 48989 - Overflow in counters and monitor - Issue 49095 - targetattr wildcard evaluation is incorrectly case sensitive - Issue 49177 - rpm would not create valid pkgconfig files - Issue 49176 - Remove tcmalloc restriction from s390x - Issue 49157 - ds-logpipe.py crashes for non-existing users - Issue 49065 - dbmon.sh fails if you have nsslapd-require-secure-binds enabled - Issue 49095 - Fix double-free in _cl5NewDBFile() error path - Issue 49169 - Fix covscan errors(regression) - Issue 49172 - Fix test schema files - Issue 49171 - Nunc Stans incorrectly reports a timeout - Issue 49169 - Fix covscan errors - Issue 49164 - Change NS to acq-rel semantics for atomics - Issue 49154 - Nunc Stans stress should assert it has 95% success rate - Issue 49165 - pw_verify did not handle external auth - Issue 49062 - Reset agmt update staus and total init - Issue 49151 - Remove defunct selinux policy - add BR for autoconf, autotool, libtool as upstream doesn't ship a prebuilt configure anymore - import BR from nunc-stans as it is intree now: libtevent-devel libtalloc-devel libevent-devel - added BR for doxygen to build doxygen - enable auto-dn-suffix feature ------------------------------------------------------------------- Mon Feb 20 12:49:23 UTC 2017 - mrueckert@suse.de - fix build on factory: libsystemd-* libs got merged into libsystemd. ------------------------------------------------------------------- Wed Dec 21 15:48:51 UTC 2016 - mrueckert@suse.de - update to 1.3.5.15 - bz1358565 - Clear and unsalted password types are vulnerable to timing attack (SECURITY FIX) - Ticket 49016 - (un)register/migration/remove may fail if there is no suffix on ‘userRoot’ backend - Ticket 48328 - Add missing dependency - Ticket 49009 - args debug logging must be more restrictive - Ticket 49014 - ns-accountstatus.pl shows wrong status for accounts inactivated by Account policy plugin - Ticket 47703 - remove search limit for aci group evaluation - Ticket 48909 - Replication stops working in FIPS mode - changes in 1.3.5.14 - Ticket 48992 - Total init may fail if the pushed schema is rejected - Ticket 48832 - Fix CI test suite for password min age - Ticket 48983 - Configure and Makefile.in from new default paths work. - Ticket 48983 - Configure and Makefile.in from new default paths work. - Ticket 48983 - generate install path info from autotools scripts - Ticket 48944 - on a read only replica invalid state info can accumulate - Ticket 48766 - use a consumer maxcsn only as anchor if supplier is more advanced - Ticket 48921 - CI Replication stress tests have limits set too low - Ticket 48969 - nsslapd-auditfaillog always has an explicit path - Ticket 48957 - Update repl-monitor to handle new status messages - Ticket 48832 - Fix CI tests - Ticket 48975 - Disabling CLEAR password storage scheme will crash server when setting a password - Ticket 48369 - Add CI test suite - Ticket 48970 - Serverside sorting crashes the server - Ticket 48972 - remove old pwp code that adds/removes ACIs - Ticket 48957 - set proper update status to replication agreement in case of failure - Ticket 48950 - Add systemd warning to the LD_PRELOAD example in /etc/sysconfig/dirsrv - provide backend dir in suffix template - Ticket 48953 - Skip labelling and unlabelling ports during the test - Ticket 48967 - Add CI test and refactor test suite - Ticket 48967 - passwordMinAge attribute doesn’t limit the minimum age of the password - Fix jenkins warnings about unused vars - Ticket 48402 - v3 allow plugins to detect a restore or import - Ticket #48969 - nsslapd-auditfaillog always has an explicit path - Ticket 48964 - cleanAllRUV changelog purging incorrectly processes all backends - Ticket 48965 - Fix building rpms using rpm.mk - Ticket 48965 - Fix generation of the pre-release version - Bugzilla 1368956 - man page of ns-accountstatus.pl shows redundant entries for -p port option - Ticket 48960 - Crash in import_wait_for_space_in_fifo(). - Ticket 48832 - Fix more CI test failures - Ticket 48958 - Audit fail log doesn’t work if audit log disabled. - Ticket 48956 - ns-accountstatus.pl showing “activated” user even if it is inactivated - Ticket 48954 - replication fails because anchorcsn cannot be found - Ticket 48832 - Fix CI tests failures from jenkins server - Ticket 48950 - Change example in /etc/sysconfig/dirsrv to use tcmalloc ------------------------------------------------------------------- Sat Nov 19 21:02:06 UTC 2016 - aj@ajaissle.de - New upstream release 1.3.4.14 ------------------------------------------------------------------- Mon Sep 5 13:13:06 UTC 2016 - mrueckert@suse.de - update to 1.3.5.13 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation, etc. - Ticket 47538 - Fix repl-monitor color and lag times - Ticket 47538 - repl-monitor.pl legend not properly sorted - Ticket 47538 - repl-monitor.pl not displaying correct color code for lag time - Ticket 47664 - Move CI test to the pr suite and refactor - Ticket 47824 - Remove CI test from tickets and add logging - Ticket 47911 - split out snmp agent into a subpackage - Ticket 47976 - Add fixed CI test case - Ticket 47982 - Fix log hr timestamps when invalid value is set in cn=config - Ticket 48109 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) - Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the status of the directory server instance. - Ticket 48191 - Move CI test to the pr suite and refactor - Ticket 48234 - “matching rules” in ACI’s “bind rules not fully evaluated - Ticket 48234 - CI test: test case for ticket 48234 - Ticket 48275 - search returns no entry when OR filter component contains non readable attribute - Ticket 48326 - Move CI test to config test suite and refactor - Ticket 48336 - Missing semanage dependency - Ticket 48336 - setup-ds should detect if port is already defined - Ticket 48346 - ldaputil code cleanup - Ticket 48346 - log too verbose when re-acquiring expired ticket - Ticket 48354 - Review of default ACI in the directory server - Ticket 48363 - CI test - add test suite - Ticket 48366 - proxyauth does not work bound as directory manager - Ticket 48404 - libslapd owned by libs and devel - Ticket 48449 - Import readNSState from richm’s repo - Ticket 48449 - Import readNSState.py from RichM’s repo - Ticket 48450 - Add prestart work around for systemd ask password - Ticket 48450 - Autotools components for ds_systemd_ask_password_acl - Ticket 48617 - Coverity fixes - Ticket 48636 - Fix config validation check - Ticket 48636 - Improve replication convergence - Ticket 48637 - DN cache is not always updated when ADD operation fails - Ticket 48743 - If a cipher is disabled do not attempt to look it up - Ticket 48745 - Matching Rule caseExactIA5Match indexes incorrectly values with upper cases - Ticket 48745 - Matching Rule caseExactIA5Match indexes incorrectly values with upper cases - Ticket 48747 - dirsrv service fails to start when nsslapd-listenhost is configured - Ticket 48752 - Page result search should return empty cookie if there is no returned entry - Ticket 48752 - Add CI test - Ticket 48754 - ldclt should support -H - Ticket 48755 - moving an entry could make the online init fail - Ticket 48755 - CI test: test case for ticket 48755 - Ticket 48766 - Replication changelog can incorrectly skip over updates - Ticket 48767 - flow control in replication also blocks receiving results - Ticket 48795 - Make various improvements to create_test.py - Ticket 48799 - Test cases for objectClass values being dropped. - Ticket 48815 - ns-accountstatus.pl - fix DN normalization - Ticket 48832 - Fix timing and localhost issues - Ticket 48832 - CI tests - Ticket 48833 - 389 showing inconsistent values for shadowMax and shadowWarning in 1.3.5.1 - Ticket 48834 - Fix jenkins: discared qualifier on auditlog.c - Ticket 48834 - Modifier’s name is not recorded in the audit log with modrdn and moddn operations - Ticket 48844 - Regression introduced in matching rules by DS 48746 - Ticket 48846 - 32 bit systems set low vmsize - Ticket 48846 - Older kernels do not expose memavailable - Ticket 48846 - Rlimit checks should detect RLIM_INFINITY - Ticket 48848 - modrdn deleteoldrdn can fail to find old attribute value, perhaps due to case folding - Ticket 48849 - Systemd introduced incompatible changes that breaks ds build - Ticket 48850 - Correct memory leaks in pwdhash-bin and ns-slapd - Ticket 48854 - Running db2index with no options breaks replication - Ticket 48855 - Add basic pwdPolicy tests - Ticket 48858 - Segfault changing nsslapd-rootpw - Ticket 48862 - At startup DES to AES password conversion causes timeout in start script - Ticket 48863 - remove check for vmsize from util_info_sys_pages - Ticket 48870 - Correct plugin execution order due to changes in exop - Ticket 48872 - Fix segfault and use after free in plugin shutdown - Ticket 48873 - Backend should accept the reduced cache allocation when issane == 1 - Ticket 48877 - Fixes for RPM spec with spectool - Ticket 48880 - adding pre/post extop ability - Ticket 48882 - server can hang in connection list processing - Ticket 48889 - ldclt - fix man page and usage info - Ticket 48891 - ns-slapd crashes during the shutdown after adding attribute with a matching rule - Ticket 48892 - Wrong result code display in audit-failure log - Ticket 48893 - cn=config should not have readable components to anonymous - Ticket 48895 - tests package should be noarch - Ticket 48898 - Crash during shutdown if nunc-stans is enabled - Ticket 48899 - Values of dbcachetries/dbcachehits in cn=monitor could overflow. - Ticket 48900 - Add connection perf stats to logconv.pl - Ticket 48902 - Strdup pwdstoragescheme name to prevent misbehaving plugins - Ticket 48904 - syncrepl search returning error 329; plugin sending a bad error code - Ticket 48905 - coverity defects - Ticket 48912 - ntUserNtPassword schema - Ticket 48914 - db2bak.pl task enters infinitive loop when bak fs is almost full - Ticket 48916 - DNA Threshold set to 0 causes SIGFPE - Ticket 48918 - Upgrade to 389-ds-base >= 1.3.5.5 doesn’t install 389-ds-base-snmp - Ticket 48919 - Compiler warnings while building 389-ds-base on RHEL7 - Ticket 48920 - Memory leak in pwdhash-bin - Ticket 48921 - Adding replication and reliability tests - Ticket 48922 - Fix crash when deleting backend while import is running - Ticket 48924 - Fixup tombstone task needs to set proper flag when updating tombstones - Ticket 48925 - slapd crash with SIGILL: Dsktune should detect lack of CMPXCHG16B - Ticket 48928 - log of page result cookie should log empty cookie with a different value than 0 - Ticket 48930 - Paged result search can hang the server - Ticket 48934 - remove-ds.pl deletes an instance even if wrong prefix was specified - Ticket 48935 - Update dirsrv.systemd file - Ticket 48936 - Duplicate collation entries - Ticket 48939 - nsslapd-workingdir is empty when ns-slapd is started by systemd - Ticket 48940 - DS logs have warning:ancestorid not indexed - Ticket 48943 - When fine-grained policy is applied, a sub-tree has a priority over a user while changing password - Ticket 48943 - Add CI Test for the password test suite ------------------------------------------------------------------- Wed Jun 29 13:11:38 UTC 2016 - mrueckert@suse.de - update to 1.3.5.4 - Ticket 48836 - replication session fails because of permission denied - Ticket 48837 - Replication: total init aborted - Ticket 48617 - Server ram checks work in isolation - Ticket 48220 - The “repl-monitor” web page does not display “year” in date. - Ticket 48829 - Add gssapi sasl replication bind test - Ticket 48497 - uncomment pytest from CI test - Ticket 48828 - db2ldif is not taking into account multiple suffixes or backends - Ticket 48818 - Fix case where return code is always -1 - Ticket 48826 - 52updateAESplugin.pl may fail on older versions of perl - Ticket 48825 - Configure make generate invalid makefile - changes from 1.3.5.3 - Ticket 47536 - Allow usage of OpenLDAP libraries that don’t use NSS for crypto - Ticket 47536 - CI test: added test cases for ticket 47536 - Ticket 47840 - default instance scripts if undefined. - Ticket 47888 - Add CI test - Ticket 47888 - DES to AES password conversion fails if a backend is empty - Ticket 47951 - Fix startpid from altering dev/null - Ticket 47968 - Disable journald logs by default - Ticket 47982 - HR Log timers, regression fix for subsystem logging - Ticket 48078 - CI test - paged_results - TET part - Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the status of the directory server instance. - Ticket 48269 - ns-accountstatus status message improvement - Ticket 48342 - DNA: deadlock during DNA_EXTEND_EXOP_REQUEST_OID - Ticket 48342 - DNA Deadlock test cases - Ticket 48342 - Prevent transaction abort if a transaction has not begun - Ticket 48350 - Integrate ASAN into our rpm build process - Ticket 48374 - entry cache locks not released in error conditions - Ticket 48410 - 389-ds-base - Unable to remove / unregister a DS instance from admin server - Ticket 48447 - with-initddir should accept no - Ticket 48450 - Systemd password agent support - Ticket 48492 - heap corruption at schema replication. - Ticket 48597 - Deadlock when rebuilding the group of authorized replication managers - Ticket 48662 - db2index with no attribute args fail. - Ticket 48710 - auto-dn-suffix unrecognized option - Ticket 48769 - Fix white space in extendedop.c - Ticket 48769 - RFE: Be_txn extended operation plugin type - Ticket 48770 - Improve extended op plugin handling - Ticket 48775 - If nsSSL3 is on, even if SSL v3 is not really enabled, a confusing message is logged. - Ticket 48779 - Remove startpidfile check in start-dirsrv - Ticket 48781 - Vague error message: setup_ol_tls_conn - failed: unable to create new TLS context - Ticket 48782 - Make sure that when LDAP_OPT_X_TLS_NEWCTX is set, the value is set to zero. - Ticket 48783 - Fix ns-accountstatus.pl syntax error - Ticket 48784 - CI test: added test cases for ticket 48784 - Ticket 48784 - Make the SSL version set to the client library configurable. - Ticket 48798 - Enable DS to offer weaker DH params in NSS - Ticket 48799 - objectclass values could be dropped on the consumer - Ticket 48800 - Cleaning up error buffers - Ticket 48801 - ASAN errors during tests - Ticket 48802 - Compilation warnings from clang - Ticket 48808 - Add test case - Ticket 48808 - Paged results search returns the blank list of entries - Ticket 48813 - password history is not updated when an admin resets the password - Ticket 48815 - ns-accountstatus.sh does handle DN’s with single quotes - Ticket 48818 - In docker, no one can hear your process hang. - Ticket 48822 - (389-ds-base-1.3.5) Fixing coverity issues. - Ticket 48824 - Cleanup rpm.mk and 389 specfile - enable nunc-stans ------------------------------------------------------------------- Fri Apr 29 00:51:36 UTC 2016 - mrueckert@suse.de - should also define the username ------------------------------------------------------------------- Fri Apr 29 00:27:43 UTC 2016 - mrueckert@suse.de - fix building systemd stuff - create user and home directory for it ------------------------------------------------------------------- Thu Apr 14 01:52:13 UTC 2016 - mrueckert@suse.de - limit gcc_security to TW. it enables compiler options not supported on leap e.g. ------------------------------------------------------------------- Thu Apr 14 01:41:49 UTC 2016 - mrueckert@suse.de - enable more gcc security features - enable selinux - fix the systemd options to actually pass some variable and also set the tmpfiles path ------------------------------------------------------------------- Thu Apr 14 01:23:51 UTC 2016 - mrueckert@suse.de - update to 1.3.5.1 - Ticket 47982 - improve timestamp resolution in logs - Ticket 48759 - no plugin calls in tombstone purging - Ticket 48665 - Prevent sefault in ldbm_instance_modify_config_entry - Ticket 48757 - License tag does not match actual license of code - Ticket 48746 - Crash when indexing an attribute with a matching rule - Ticket 48497 - extended search without MR indexed attribute prevents later indexing with that MR - Ticket 48368 - Resolve the py.test conflicts with the create_test.py issue - Ticket 48748 - Fix memory_leaks test suite teardown failure - Ticket 48383 - import tasks with dynamic buffer sizes - Ticket 48420 - change severity of some messages related to "keep alive" entries - Ticket 48386 - Clean up dsktune code - Ticket 48537 - undefined reference to `abstraction_increment' - Ticket 48747 - dirsrv service fails to start when nsslapd-listenhost is configured - changes from 1.3.5.0 - Ticket 132 - Makefile.am must include header files and template scripts - Ticket 142 - [RFE] Default password syntax settings don't work with fine-grained policies - Ticket 548 - RFE: Allow AD password sync to update shadowLastChange - Ticket 47788 - Only check postop result if its a replication operation - Ticket 47840 - add configure option to disable instance specific scripts - Ticket 47968 - [RFE] Send logs to journald - Ticket 47977 - [RFE] Implement sd_notify mechanism - Ticket 48016 - search, matching rules and filter error "unsupported type 0xA9" - Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the status of the directory server instance. - Ticket 48145 - RFE Add log file for rejected changes - Ticket 48147 - Unable to enable DS service for auto start - Ticket 48151 - Improve CleanAllRUV task logging - Ticket 48218 - cleanAllRUV - modify the existing "force" option to bypass the "replica online" checks - Ticket 48244 - No validation check for the value for nsslapd-db-locks. - Ticket 48257 - Fix coverity issues - 08/24/2015 - Ticket 48263 - allow plugins to detect tombstone operations - Ticket 48269 - RFE: need an easy way to detect locked accounts locked by inactivity. - Ticket 48270 - fail to index an attribute with a specific matching rule/48269 - Ticket 48280 - enable logging of internal ops in the audit log - Ticket 48285 - The dirsrv user/group should be created in rpm %pre, and ideally with fixed uid/gid - Ticket 48289 - 389-ds-base: ldclt-bin killed by SIGSEGV - Ticket 48290 - No man page entry for - option '-u' of dbgen.pl for adding group entries with uniquemembers - Ticket 48294 - Linked Attributes plug-in - won't update links after MODRDN operation - Ticket 48295 - Entry cache is not rolled back -- Linked Attributes plug-in - wrong behaviour when adding valid and broken links - Ticket 48311 - nunc-stans: Attempt to release connection that is not acquired - Ticket 48317 - SELinux port labeling retry attempts are excessive - Ticket 48326 - [RFE] it could be nice to have nsslapd-maxbersize default to bigger than 2Mb - Ticket 48350 - configure.ac add options for debbuging and security analysis / hardening. - Ticket 48351 - Fix buffer overflow error when reading url with len 0 - Ticket 48363 - Support for rfc3673 '+' to return operational attributes - Ticket 48369 - [RFE] response control for password age should be sent by default by RHDS - Ticket 48384 - Server startup should warn about values consuming too much ram - Ticket 48387 - ASAN invalid read in cos_cache.c - Ticket 48394 - lower password history minimum to 1 - Ticket 48395 - ASAN - Use after free in uiduniq 7bit.c - Ticket 48398 - Coverity defect 13352 - Resource leak in auditlog.c - Ticket 48400 - ldclt - segmentation fault error while binding - Ticket 48445 - keep alive entries can break replication - Ticket 48446 - logconv.pl displays negative operation speeds - Ticket 48566 - acl.c attrFilterArray maybe uninitialised. - Ticket 48662 - db2index with no attribute args fail. ------------------------------------------------------------------- Tue Mar 1 16:39:06 UTC 2016 - claes.backstrom@opensuse.org - Update to new upstream release 1.3.4.8 * Various bugs are fixed ------------------------------------------------------------------- Fri Nov 20 10:49:42 UTC 2015 - aj@ajaissle.de - Update to new upstream release 1.3.4.5 * Various bugs are fixed ------------------------------------------------------------------- Mon Sep 14 08:50:01 UTC 2015 - hguo@suse.com - Upgrade from 1.3.3.13 to 1.3.4.4 with accumulated bugfixes. ------------------------------------------------------------------- Wed Sep 9 11:07:09 UTC 2015 - aj@ajaissle.de - Update to new upstream release 1.3.3.13 - Removed 389-ds-1.3.3.11-CVE-2015-3230.patch (included upstream) ------------------------------------------------------------------- Wed Jun 17 09:38:48 UTC 2015 - aj@ajaissle.de - Update to new upstream release 1.3.3.11 - Added 389-ds-1.3.3.11-CVE-2015-3230.patch: nsSSL3Ciphers preference not enforced on server side [boo#934934] [CVE-2015-3230] ------------------------------------------------------------------- Wed Apr 29 10:17:58 UTC 2015 - aj@ajaissle.de - Update to new upstream release 1.3.3.10 * One important security bug was fixed: Bug 1216203 - CVE-2015-1854 389ds-base: access control bypass with modrdn ------------------------------------------------------------------- Wed Apr 15 09:05:08 UTC 2015 - jengelh@inai.de - Simplify filelist ------------------------------------------------------------------- Mon Apr 13 19:30:00 UTC 2015 - aj@ajaissle.de - Move bin/ and sbin/ to /usr/lib/389-ds/bin resp. sbin/ - Removed conflict with atheme ------------------------------------------------------------------- Sat Mar 28 10:34:43 UTC 2015 - aj@ajaissle.de - Update to new upstream release 1.3.3.9 * Several bugs are fixed including 2 security bugs Bug 1199675 - CVE-2014-8112 CVE-2014-8105 389-ds-base: various flaws [fedora-all] Ticket 47431 - Duplicate values for the attribute nsslapd-pluginarg are not handled correctly Ticket 47451 - dynamic plugins - fix crash caused by invalid plugin config Ticket 47728 - compilation failed with ' incomplete struct/union/enum' if not set USE_POSIX_RWLOCKS Ticket 47742 - 64bit problem on big endian: auth method not supported Ticket 47801 - RHDS keeps on logging write_changelog_and_ruv: failed to update RUV for unknown Ticket 47828 - DNA scope: allow to exlude some subtrees Ticket 47836 - Do not return '0' as empty fallback value of nsds5replicalastupdatestart and nsds5replicalastupdatestart Ticket 47901 - After total init, nsds5replicaLastInitStatus can report an erroneous error status (like 'Referral') Ticket 47936 - Create a global lock to serialize write operations over several backends Ticket 47957 - Make ReplicaWaitForAsyncResults configurable Ticket 48001 - ns-activate.pl fails to activate account if it was disabled on AD Ticket 48003 - add template scripts Ticket 48003 - build "suite" framework Ticket 48005 - ns-slapd crash in shutdown phase Ticket 48021 - nsDS5ReplicaBindDNGroup checkinterval not working properly Ticket 48027 - revise the rootdn plugin configuration validation Ticket 48030 - spec file should run "systemctl stop" against each running instance instead of dirsrv.target Ticket 48048 - Fix coverity issues - 2015/2/24 Ticket 48048 - Fix coverity issues - 2015/3/1 Ticket 48109 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) ------------------------------------------------------------------- Wed Dec 24 21:05:17 UTC 2014 - aj@ajaissle.de - Conflicts with atheme -- /usr/sbin/dbverify ------------------------------------------------------------------- Tue Dec 9 15:41:21 UTC 2014 - aj@ajaissle.de - Update to new upstream release 1.3.3.5 * Several bugs are fixed. ------------------------------------------------------------------- Tue Sep 9 09:50:20 UTC 2014 - aj@ajaissle.de - Update to new upstream release 1.3.3.0 * First cut of 389-ds-base-1.3.3.x ------------------------------------------------------------------- Fri Aug 29 10:38:51 UTC 2014 - aj@ajaissle.de - Update to new upstream release 1.3.2.23 * Various bugs were fixed - Highlights since 1.3.2.16: * Important bugs including memory leaks and crash bugs were fixed (1.3.2.17) * Various bugs were fixed (1.3.2.18) * Various bugs were fixed (1.3.2.19) * A security bug was fixed (1.3.2.22) ------------------------------------------------------------------- Thu Mar 27 12:20:23 UTC 2014 - aj@ajaissle.de - Update to new upstream release 1.3.2.16 * Directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind * Create a normalized dn cache * Replication retry time attributes cannot be added * Empty control list causes LDAP protocol error is thrown (dup 47361) * Failed to compile the DS 389 1.3.2.3 version against Berkeley DB 4.2 version * Windows Sync group issues * Size returned by slapi_entry_size is not accurate * Single valued attribute replicated ADD does not work * Environment variables are not passed when DS is started via service * Propagate plugin precedence to all registered function types * Unresolved external symbol references break loading of the ACL plugin * Package issue in 389-ds-base - Fix unresolveable 'Requires:' * perl(Mozilla:LDAP) -> perl(Mozilla::LDAP::API), perl(Mozilla::LDAP::Conn), perl(Mozilla::LDAP::Entry), perl(Mozilla::LDAP::LDIF), perl(Mozilla::LDAP::Utils) * cyrus-sasl-md5 -> cyrus-sasl-digestmd5 - Macros for dirsrv-snmp in pre/post/preun/postun ------------------------------------------------------------------- Mon Feb 17 08:59:04 UTC 2014 - aj@ajaissle.de - Update to new upstream release 1.3.2.11 * Enhancement: ACL supports new keyword SELFDN as in "<userattr> = <attribute>#SELFDN" to allow users to create entries assigned to themselves. Also handling subtype in ACL is improved. * A dozen of bugs are fixed including a crash bug and a deadlock. - Spec cleanup * enable init scripts for openSUSE < 1220 (e.g. SLES) * dirsrv.target.wants goes into unitdir * Added a 389-ds-rpmlintrc - Added 389-ds-base-1.3.2.11_init_fhs.patch * Make init scripts LSB conform ------------------------------------------------------------------- Fri Dec 27 02:28:55 UTC 2013 - jengelh@inai.de - Update to new upstream release 1.3.2.10 * Suffixes used in the memberof and referential integrity plug-ins are now configurable. * The hard-coded limit of 64 masters was removed. * Enhancements: plug-in library path validation, replication logging, changelog trimming interval, and referential integrity. ------------------------------------------------------------------- Fri Aug 2 10:05:12 UTC 2013 - jengelh@inai.de - Update to new upstream release 1.3.1.5 * Plug-in transaction support * Normalized DN cache * Configurable allowed SASL mechanisms * SASL mapping improvements * Configurable SASL buffer * Replication retry settings * Instance script improvements * Access log analyzer improvements * Performance improvements ------------------------------------------------------------------- Mon Mar 11 11:47:45 UTC 2013 - jengelh@inai.de - Update to new upstream release 1.3.0.3 * No NEWS file available; SCM changelog entries at http://port389.org/wiki/Releases/1.3.0.2#New_features_.2F_Fixed_bugs_in_1.3.0 ------------------------------------------------------------------- Wed Sep 26 11:06:01 UTC 2012 - jengelh@inai.de - Update to new upstream release 1.2.11.15 * This is a bugfix release to CLEANALLRUV, userpassword, schema reloading and others. ------------------------------------------------------------------- Mon Sep 17 09:26:12 UTC 2012 - jengelh@inai.de - Initial package (version 1.2.11.12) for build.opensuse.org
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor