From d13a8bd2757480c431a9ed9626f255e04e5a2481 Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Oct 02 2013 15:26:41 +0000 Subject: the 1.2.11.23 release - Ticket #422 - 389-ds-base - Can't call method "getText" - Ticket 47509 - CLEANALLRUV doesnt run across all replicas - Ticket 47533 logconv: some stats do not work across server restarts - Ticket #47501 logconv.pl uses /var/tmp for BDB temp files - Ticket 47520 - Fix various issues with logconv.pl - Ticket #47387 - improve logconv.pl performance with large access logs - Ticket 47354 - Indexed search are logged with 'notes=U' in the access logs - Ticket 47461 - logconv.pl - Use of comma-less variable list is deprecated - Ticket 47447 - logconv.pl man page missing -m,-M,-B,-D - Ticket #47348 - add etimes to per second/minute stats - Ticket #47341 - logconv.pl -m time calculation is wrong - Ticket #47336 - logconv.pl -m not working for all stats - Ticket 611 - logconv.pl missing stats for StartTLS, LDAPI, and AUTOBIND - TIcket 419 - logconv.pl - improve memory management - Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used - Ticket 539 - logconv.pl should handle microsecond timing - Ticket #356 - RFE - Track bind info - Ticket #47534 - RUV tombstone search with scope "one" doesn`t work - Ticket 47489 - Under specific values of nsDS5ReplicaName, replication may get broken or updates missing - Ticket #47523 - Set up replcation/agreement before initializing the sub suffix, the sub suffix is not found by ldapsearch - Ticket #47504 idlistscanlimit per index/type/value - Ticket #47492 - PassSync removes User must change password flag on the Windows side - Ticket #47516 replication stops with excessive clock skew - Bug 999634 - ns-slapd crash due to bogus DN --- diff --git a/.gitignore b/.gitignore index 38f830d..b7c2c57 100644 --- a/.gitignore +++ b/.gitignore @@ -51,3 +51,4 @@ /389-ds-base-1.2.10.12.tar.bz2 /389-ds-base-1.2.10.13.tar.bz2 /389-ds-base-1.2.10.14.tar.bz2 +/389-ds-base-1.2.11.23.tar.bz2 diff --git a/389-ds-base-git-local.sh b/389-ds-base-git-local.sh index b969ef4..9df807e 100644 --- a/389-ds-base-git-local.sh +++ b/389-ds-base-git-local.sh @@ -2,14 +2,14 @@ DATE=`date +%Y%m%d` # use a real tag name here -VERSION=1.2.10.26 +VERSION=1.2.11.23 PKGNAME=389-ds-base TAG=${TAG:-$PKGNAME-$VERSION} #SRCNAME=$PKGNAME-$VERSION-$DATE SRCNAME=$PKGNAME-$VERSION -echo you must be in the ds git repo to use this test -d .git || { + echo you must be in the ds git repo to use this echo bye exit 1 } diff --git a/389-ds-base-git.sh b/389-ds-base-git.sh index 8a3d5ed..dcdc643 100644 --- a/389-ds-base-git.sh +++ b/389-ds-base-git.sh @@ -2,7 +2,7 @@ DATE=`date +%Y%m%d` # use a real tag name here -VERSION=1.2.10.26 +VERSION=1.2.11.23 PKGNAME=389-ds-base TAG=${TAG:-$PKGNAME-$VERSION} URL="http://git.fedorahosted.org/git/?p=389/ds.git;a=snapshot;h=$TAG;sf=tgz" diff --git a/389-ds-base.spec b/389-ds-base.spec index 3a0c254..45a0818 100644 --- a/389-ds-base.spec +++ b/389-ds-base.spec @@ -3,26 +3,31 @@ # for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release # also remove the space between % and global - this space is needed because # fedpkg verrel stupidly ignores comment lines -# % global prerel .rc1 +# % global prerel .a1 # also need the relprefix field for a pre-release e.g. .0 - also comment out for official release # % global relprefix 0. %global use_openldap 1 +%global use_db4 1 +# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6. +%global use_Socket6 1 -# fedora 15 and later uses tmpfiles.d -# otherwise, comment this out +# if system doesn't support tmpfiles.d, comment this out #%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d} +# systemd support +%global groupname %{pkgname}.target + Summary: 389 Directory Server (base) Name: 389-ds-base -Version: 1.2.10.26 +Version: 1.2.11.23 Release: %{?relprefix}1%{?prerel}%{?dist} License: GPLv2 with exceptions URL: http://port389.org/ Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: %{name}-libs = %{version}-%{release} -Provides: ldif2ldbm +Provides: ldif2ldbm BuildRequires: nspr-devel BuildRequires: nss-devel @@ -32,11 +37,16 @@ BuildRequires: openldap-devel %else BuildRequires: mozldap-devel %endif +%if %{use_db4} BuildRequires: db4-devel +%else +BuildRequires: libdb-devel +%endif BuildRequires: cyrus-sasl-devel BuildRequires: icu BuildRequires: libicu-devel BuildRequires: pcre-devel +BuildRequires: gcc-c++ # The following are needed to build the snmp ldap-agent BuildRequires: net-snmp-devel %ifnarch sparc sparc64 ppc ppc64 s390 s390x @@ -71,14 +81,23 @@ Requires: cyrus-sasl-gssapi Requires: cyrus-sasl-md5 # this is needed for verify-db.pl +%if %{use_db4} Requires: db4-utils +%else +Requires: libdb-utils +%endif + +# for setup-ds.pl to support ipv6 +%if %{use_Socket6} +Requires: perl-Socket6 +%else +Requires: perl-Socket +%endif +Requires: perl-NetAddr-IP # This picks up libperl.so as a Requires, so we add this versioned one Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) -# This is for the fedora-ds -> 389 run level hack -Requires(post): /sbin/service - # for the init script Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig @@ -88,7 +107,6 @@ Source0: http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz # 389-ds-git.sh should be used to generate the source tarball from git Source1: %{name}-git.sh Source2: %{name}-devel.README -Patch0: 0000-Ticket-386-Overconsumption-of-memory-with-large-cach.patch %description 389 Directory Server is an LDAPv3 compliant server. The base package includes @@ -105,7 +123,11 @@ BuildRequires: openldap-devel %else BuildRequires: mozldap-devel %endif +%if %{use_db4} BuildRequires: db4-devel +%else +BuildRequires: libdb-devel +%endif BuildRequires: cyrus-sasl-devel BuildRequires: libicu-devel BuildRequires: pcre-devel @@ -135,7 +157,6 @@ Development Libraries and headers for the 389 Directory Server base package. %prep %setup -q -n %{name}-%{version}%{?prerel} cp %{SOURCE2} README.devel -%patch0 -p1 %build %if %{use_openldap} @@ -255,7 +276,7 @@ fi %{_libdir}/%{pkgname}/plugins/*.so %dir %{_localstatedir}/lib/%{pkgname} %dir %{_localstatedir}/log/%{pkgname} -%dir %{_localstatedir}/lock/%{pkgname} +%ghost %dir %{_localstatedir}/lock/%{pkgname} %{_mandir}/man1/* %{_mandir}/man8/* @@ -273,72 +294,393 @@ fi %{_libdir}/%{pkgname}/libslapd.so.* %changelog -* Wed Jan 23 2013 Rich Megginson - 1.2.10.26-1 -- changes since 1.2.10.14 +* Wed Oct 2 2013 Rich Megginson - 1.2.11.23-1 +- Ticket #422 - 389-ds-base - Can't call method "getText" +- Ticket 47509 - CLEANALLRUV doesnt run across all replicas +- Ticket 47533 logconv: some stats do not work across server restarts +- Ticket #47501 logconv.pl uses /var/tmp for BDB temp files +- Ticket 47520 - Fix various issues with logconv.pl +- Ticket #47387 - improve logconv.pl performance with large access logs +- Ticket 47354 - Indexed search are logged with 'notes=U' in the access logs +- Ticket 47461 - logconv.pl - Use of comma-less variable list is deprecated +- Ticket 47447 - logconv.pl man page missing -m,-M,-B,-D +- Ticket #47348 - add etimes to per second/minute stats +- Ticket #47341 - logconv.pl -m time calculation is wrong +- Ticket #47336 - logconv.pl -m not working for all stats +- Ticket 611 - logconv.pl missing stats for StartTLS, LDAPI, and AUTOBIND +- TIcket 419 - logconv.pl - improve memory management +- Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used +- Ticket 539 - logconv.pl should handle microsecond timing +- Ticket #356 - RFE - Track bind info +- Ticket #47534 - RUV tombstone search with scope "one" doesn`t work +- Ticket 47489 - Under specific values of nsDS5ReplicaName, replication may get broken or updates missing +- Ticket #47523 - Set up replcation/agreement before initializing the sub suffix, the sub suffix is not found by ldapsearch +- Ticket #47504 idlistscanlimit per index/type/value +- Ticket #47492 - PassSync removes User must change password flag on the Windows side +- Ticket #47516 replication stops with excessive clock skew +- Bug 999634 - ns-slapd crash due to bogus DN + +* Fri Aug 2 2013 Rich Megginson - 1.2.11.22-3 +- use socket6 instead of socket + +* Thu Aug 1 2013 Rich Megginson - 1.2.11.22-2 +- remove the dependency and conflict with selinux versions + +* Wed Jul 31 2013 Rich Megginson - 1.2.11.22-1 +- 89a98eb fix coverity 11895 - null deref - caused by fix to ticket 47392 +- 9750ea7 fix compiler warning in posix winsync code for posix_group_del_memberuid_callback +- 12d47a2 Fix compiler warnings for Ticket 47395 and 47397 +- d9a1c7b fix compiler warning +- 855d289 Ticket #543 - Sorting with attributes in ldapsearch gives incorrect result +- CVE-2013-2219 ACLs inoperative in some search scenarios +- Ticket #47378 - fix recent compiler warnings +- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold +- Ticket 47449 - deadlock after adding and deleting entries +- Ticket 47421 - memory leaks in set_krb5_creds +- Ticket 47441 - Disk Monitoring not checking filesystem with logs +- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold +- Ticket #47435 - Very large entryusn values after enabling the USN plugin and the lastusn value is negative. +- Ticket #47424 - Replication problem with add-delete requests on single-valued attributes +- Ticket #47428 - Memory leak in 389-ds-base 1.2.11.15 +- Ticket #47392 - ldbm errors when adding/modifying/deleting entries +- Ticket 47385 - Disk Monitoring is not triggered as expected. +- Ticket #47410 - changelog db deadlocks with DNA and replication +- Ticket #47409 - allow setting db deadlock rejection policy +- Ticket #47412 - Modify RUV should be serialized in ldbm_back_modify/add +- Ticket #47409 - allow setting db deadlock rejection policy +- Ticket 47393 - Attribute are not encrypted on a consumer after a full initialization +- Ticket 47396 - crash on modrdn of tombstone +- Ticket 47395 47397 v2 correct behaviour of account policy if only stateattr is configured or no alternate attr is configured +- Ticket #47402 - Attribute names are incorrect in search results +- Ticket #47391 - deleting and adding userpassword fails to update the password +- e3b8e2f Coverity Fixes (Part 7) +- Ticket 47376 - DESC should not be empty as per RFC 2252 (ldapv3) +- Ticket #47375 - flush_ber error sending back start_tls response will deadlock +- Ticket #47377 - make listen backlog size configurable +- Ticket #47367 - (phase 1) ldapdelete returns non-leaf entry error while trying to remove a leaf entry +- Ticket 47383 - connections attribute in cn=snmp,cn=monitor is counted twice +- Ticket 47385 - DS not shutting down when disk monitoring threshold is reached +- Ticket #47378 - fix recent compiler warnings +- 9ac276a Coverity Fixes (Part 5) +- 3ab5aba Coverity Fixes (Part 4) +- 36f2572 Coverity Fixes (Part 3) +- 41a8827 Coverity Fixes (Part 2) +- f771f95 Coverity Fixes (part 1) +- Ticket 580 - Wrong error code return when using EXTERNAL SASL and no client certificate +- Ticket #47349 - DS instance crashes under a high load +- Ticket #47359 - new ldap connections can block ldaps and ldapi connections +- Ticket #47327 - error syncing group if group member user is not synced +- Ticket #47362 - ipa upgrade selinuxusermap data not replicating +- Ticket 47361 - Empty control list causes LDAP protocol error is thrown +- Trac Ticket #531 - loading an entry from the database should use str2entry_fast +- Ticket #47347 - Simple paged results should support async search +- Ticket 623 - cleanAllRUV task fails to cleanup config upon completion +- 6abec15 Coverity fix 13139 - Dereference after NULL check in slapi_attr_value_normalize_ext() + +* Tue Apr 9 2013 Mark Reynolds - 1.2.11.21-1 +9a7ba7d bump verison to 1.2.11.21 +Ticket 47318 - server fails to start after upgrade(schema error) + +* Wed Mar 28 2013 Noriko Hosoi - 1.2.11.20-1 +46bfabb bump version to 1.2.11.20 +Ticket 623 - cleanAllRUV task fails to cleanup config upon completion +Ticket #47308 - unintended information exposure when anonymous access is set to rootdse +Ticket 628 - crash in aci evaluation +Ticket #627 - ns-slapd crashes sporadically with segmentation fault in libslapd.so +Ticket #634 - Deadlock in DNA plug-in +f6a6514 Coverity issue 13091 +Ticket 632 - 389-ds-base cannot handle Kerberos tickets with PAC +Ticket 623 - cleanAllRUV task fails to cleanup config upon completion + +* Mon Mar 11 2013 Mark Reynolds - 1.2.11.19-1 +c535f7d bump version to 1.2.11.19 +Bug 912964 - CVE-2013-0312 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data +Ticket 590 - ns-slapd segfaults while trying to delete a tombstone entry +Ticket 518 - dse.ldif is 0 length after server kill or machine kill +Ticket #579 - Error messages encountered when using POSIX winsync +Ticket #576 - DNA: use event queue for config update only at the start up +Ticket 367 - Invalid chaining config triggers a disk full error and shutdown +Ticket 570 - DS returns error 20 when replacing values of a multi-valued attribute (only when replication is enabled) +Bug 906005 - Valgrind reports memleak in modify_update_last_modified_attr +Ticket #572 - PamConfig schema not updated during upgrade + +* Thu Jan 24 2013 Mark Reynolds - 1.2.11.18-1 +12420d9 bump version to 1.2.11.18 +Ticket 556 - Don't overwrite certmap.conf during upgrade +Ticket 495 - 1.2.11 - plugin dn is missing from pblock +Ticket 549 - DNA plugin no longer reports additional info when range is depleted +Ticket 541 - need to set plugin as off in ldif template +Ticket 541 - RootDN Access Control plugin is missing after upgrade +Ticket 527 - ns-slapd segfaults if it cannot rename the logs +39b0938 Coverity Issues for 1.2.11 +Ticket 216 - disable replication agreements +Ticket 20 - Allow automember to work on entries that have already been added +7d22bc2 Coverity Fixes +Ticket 337 - improve CLEANRUV functionality +Ticket 495 - internalModifiersname not updated by DNA plugin +Ticket 517 - crash in DNA if no dnaMagicRegen is specified +Trac Ticket #520 - RedHat Directory Server crashes (segfaults) when moving ldap entry +Trac Ticket #519 - Search with a complex filter including range search is slow +Trac Ticket #500 - Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error +Ticket #503 - Improve AD version in winsync log message +Trac Ticket #498 - Cannot abaondon simple paged result search +55997a6 Coverity defects +Trac Ticket #494 - slapd entered to infinite loop during new index addition +56ebbb2 Fixing compiler warnings in the posix-winsync plugin +a57d913 Coverity defects +Ticket 468 - if pam_passthru is enabled, need to AC_CHECK_HEADERS([security/pam_appl.h]) +Ticket 486 - nsslapd-enablePlugin should not be multivalued +Ticket 488 - Doc: DS error log messages with typo +Ticket #491 - multimaster_extop_cleanruv returns wrong error codes + +* Mon Dec 10 2012 Mark Reynolds - 1.2.11.17-1 +- 94d5ea3 bump verison to 1.2.11.17 +- Ticket 527 - ns-slapd segfaults if it cannot rename the logs +- 39b0938 Coverity Issues for 1.2.11 +- Ticket 216 - disable replication agreements +- Ticket 20 - Allow automember to work on entries that have already been added +- 7d22bc2 Coverity Fixes +- Ticket 337 - improve CLEANRUV functionality +- Ticket 495 - internalModifiersname not updated by DNA plugin +- Ticket 517 - crash in DNA if no dnaMagicRegen is specified - Trac Ticket #520 - RedHat Directory Server crashes (segfaults) when moving ldap entry -- Ticket #331 - transaction errors with db 4.3 and db 4.2 -- Ticket 332 - CLEANALLRUV 2.0 Testing -- Bug 866623 - RHDS crash when attempting to free an invalid pointer -- Ticket 403 - CLEANALLRUV - minor fixes and add support for replica-force-cleaning -- Trac Ticket #340 - Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl +- Trac Ticket #519 - Search with a complex filter including range search is slow +- Trac Ticket #500 - Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error +- Ticket #503 - Improve AD version in winsync log message +- Trac Ticket #498 - Cannot abaondon simple paged result search +- 55997a6 Coverity defects +- Trac Ticket #494 - slapd entered to infinite loop during new index addition +- 56ebbb2 Fixing compiler warnings in the posix-winsync plugin +- a57d913 Coverity defects +- Ticket 468 - if pam_passthru is enabled, need to AC_CHECK_HEADERS([security/pam_appl.h]) +- Ticket 486 - nsslapd-enablePlugin should not be multivalued +- Ticket 488 - Doc: DS error log messages with typo - Ticket #491 - multimaster_extop_cleanruv returns wrong error codes -- 7bbaf35 COVERITY FIXES in replica_execute_cleanall_ruv_task -- 1f356fa CLEANALLRUV - remove calls to agmt_get_enabled because this feature is not in 1.2.10 -- Ticket 477 - CLEANALLRUV if there are only winsync agmts task will hang -- Ticket 467 - CLEANALLRUV abort task should be able to ignore down replicas -- Ticket 450 - CLEANALLRUV task gets stuck on winsync replication agreement -- 8545947 CLEANALLRUV coverity fixes -- Ticket 403 - fix CLEANALLRUV regression from last commit -- 4753f97 Update the slapi-plugin documentation on new slapi functions, and added a slapi function for checking on shutdowns -- b3f5a71 Coverity Fix -- Ticket 368 - Make the cleanAllRUV task one step -- Ticket #337 - Improve CLEANRUV task -- Ticket #353 - coverity 12625-12629 - leaks, dead code, unchecked return -* Thu Sep 6 2012 Rich Megginson - 1.2.10.14-2 -- Ticket #386 - Overconsumption of memory with large cache +* Wed Oct 10 2012 Noriko Hosoi - 1.2.11.16-1 +- Ticket 340 - Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl +- Ticket 446 - anonymous limits are being applied to directory manager +- Ticket 478 - passwordTrackUpdateTime stops working with subtree password policies +- Ticket 481 - expand nested posix groups +- Ticket 485 - Dirsrv deadlock locking up IPA -* Wed Jul 18 2012 Rich Megginson - 1.2.10.14-1 -- Ticket #410 - Referential integrity plug-in does not work when update interval is not zero - -* Mon Jul 16 2012 Rich Megginson - 1.2.10.13-1 -- Ticket #406 - Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled -- Ticket #405 - referint modrdn not working if case is different +* Tue Sep 25 2012 Rich Megginson - 1.2.11.15-1 +- Ticket 470 - 389 prevents from adding a posixaccount with userpassword after schema reload +- Ticket 477 - CLEANALLRUV if there are only winsync agmts task will hang +- Ticket 457 - dirsrv init script returns 0 even when few or all instances fail to start +- Ticket 473 - change VERSION.sh to have console version be major.minor +- Ticket 475 - Root DN Access Control - improve value checking for config +- Trac Ticket #466 - entry_apply_mod - ADD: Failed to set unhashed#user#password to extension +- Ticket 474 - Root DN Access Control - days allowed not working correctly +- Ticket 467 - CLEANALLRUV abort task should be able to ignore down replicas +- 0b79915 fix compiler warnings in ticket 374 code +- Ticket 452 - automember rebuild task adds users to groups that do not match the configuration scope -* Wed Jun 27 2012 Rich Megginson - 1.2.10.12-1 +* Fri Sep 7 2012 Rich Megginson - 1.2.11.14-1 +- Ticket 450 - CLEANALLRUV task gets stuck on winsync replication agreement +- Ticket 386 - large memory growth with ldapmodify(heap fragmentation) +- this patch doesn't fix the bug - it allows us to experiment with +- different values of mxfast +- Ticket #374 - consumer can go into total update mode for no reason + +* Tue Sep 4 2012 Rich Megginson - 1.2.11.13-1 +- Ticket #426 - support posix schema for user and group sync +- 1) plugin config ldif must contain pluginid, etc. during upgrade or it +- will fail due to schema errors +- 2) posix winsync should have a lower precedence (25) than the default (50) +- so that it will be run first +- 3) posix winsync should support the Winsync API v3 - the v2 functions are +- just stubs for now - but the precedence cb is active + +* Thu Aug 30 2012 Rich Megginson - 1.2.11.12-1 +- 8e5087a Coverity defects - 13089: Dereference after null check ldbm_back_delete +- Trac Ticket #437 - variable dn should not be used in ldbm_back_delete +- ba1f5b2 fix coverity resource leak in windows_plugin_add +- e3e81db Simplify program flow: change while loops to for +- a0d5dc0 Fix logic errors: del_mod should be latched (might not be last mod), and avoid skipping add-mods (int value 0) +- 0808f7e Simplify program flow: make adduids/moduids/deluids action blocks all similar +- 77eb760 Simplify program flow: eliminate unnecessary continue +- c9e9db7 Memory leaks: unmatched slapi_attr_get_valueset and slapi_value_new +- a4ca0cc Change "return"s in modGroupMembership to "break"s to avoid leaking +- d49035c Factorize into new isPosixGroup function +- 3b61c03 coverity - posix winsync mem leaks, null check, deadcode, null ref, use after free +- 33ce2a9 fix mem leaks with parent dn log message, setting winsync windows domain +- Ticket #440 - periodic dirsync timed event causes server to loop repeatedly +- Ticket #355 - winsync should not delete entry that appears to be out of scope +- Ticket 436 - nsds5ReplicaEnabled can be set with any invalid values. +- 487932d coverity - mbo dead code - winsync leaks, deadcode, null check, test code +- 2734a71 CLEANALLRUV coverity fixes +- Ticket #426 - support posix schema for user and group sync +- Ticket #430 - server to server ssl client auth broken with latest openldap + +* Mon Aug 20 2012 Mark Reynolds - 1.2.11.11-1 +6c0778f bumped version to 1.2.11.11 +Ticket 429 - added nsslapd-readonly to DS schema +Ticket 403 - fix CLEANALLRUV regression from last commit +Trac Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values + +* Tue Aug 15 2012 Mark Reynolds - 1.2.11.10-1 +db6b354 bumped version to 1.2.11.10 +Ticket 403 - CLEANALLRUV revisions + +* Tue Aug 7 2012 Mark Reynolds - 1.2.11.9-1 +ea05e69 Bumped version to 1.2.11.9 +Ticket 407 - dna memory leak - fix crash from prev fix + +* Fri Aug 3 2012 Mark Reynolds - 1.2.11.8-1 +ddcf669 bump version to 1.2.11.8 for offical release +Ticket #425 - support multiple winsync plugins +Ticket 403 - cleanallruv coverity fixes +Ticket 407 - memory leak in dna plugin +Ticket 403 - CLEANALLRUV feature +Ticket 413 - "Server is unwilling to perform" when running ldapmodify on nsds5ReplicaStripAttrs +3168f04 Coverity defects +5ff0a02 COVERITY FIXES +Ticket #388 - Improve replication agreement status messages +0760116 Update the slapi-plugin documentation on new slapi functions, and added a slapi function for checking on shutdowns +Ticket #369 - restore of replica ldif file on second master after deleting two records shows only 1 deletion +Ticket #409 - Report during startup if nsslapd-cachememsize is too small +Ticket #412 - memberof performance enhancement +12813: Uninitialized pointer read string_values2keys +Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values +Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values +Ticket #410 - Referential integrity plug-in does not work when update interval is not zero +Ticket #406 - Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled +Ticket #405 - referint modrdn not working if case is different +Ticket 399 - slapi_ldap_bind() doesn't check bind results + +* Wed Jul 18 2012 Fedora Release Engineering - 1.2.11.7-2.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jun 28 2012 Petr Pisar - 1.2.11.7-2.1 +- Perl 5.16 rebuild + +* Wed Jun 27 2012 Rich Megginson - 1.2.11.7-2 - Ticket 378 - unhashed#user#password visible after changing password -- fix typo in previous patch +- fix func declaration from previous patch +- Ticket 366 - Change DS to purge ticket from krb cache in case of authentication error + +* Wed Jun 27 2012 Rich Megginson - 1.2.11.7-1 - Trac Ticket 396 - Account Usability Control Not Working -* Thu Jun 21 2012 Rich Megginson - 1.2.10.11-1 +* Thu Jun 21 2012 Rich Megginson - 1.2.11.6-1 - Ticket #378 - audit log does not log unhashed password: enabled, by default. - Ticket #378 - unhashed#user#password visible after changing password - Ticket #365 - passwords in clear text in the audit log -* Mon Jun 18 2012 Rich Megginson - 1.2.10.10-1 -- Ticket #390 - [abrt] 389-ds-base-1.2.10.6-1.fc16: slapi_attr_value_cmp: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) +* Tue Jun 19 2012 Rich Megginson - 1.2.11.5-2 +- workaround for https://bugzilla.redhat.com/show_bug.cgi?id=833529 + +* Mon Jun 18 2012 Rich Megginson - 1.2.11.5-1 +- Ticket #387 - managed entry sometimes doesn't delete the managed entry +- 5903815 improve txn test index handling +- Ticket #360 - ldapmodify returns Operations error - fix delete caching +- bcfa9e3 Coverity Fix for CLEANALLRUV +- Trac Ticket #335 - transaction retries need to be cache aware +- Ticket #389 - ADD operations not in audit log +- 44cdc84 fix coverity issues with uninit vals, no return checking +- Ticket 368 - Make the cleanAllRUV task one step +- Ticket #110 - RFE limiting root DN by host, IP, time of day, day of week -* Thu May 24 2012 Rich Megginson - 1.2.10.9-1 -- Ticket #382 - DS Shuts down intermittently +* Tue May 22 2012 Rich Megginson - 1.2.11.4-1 +- Ticket #360 - ldapmodify returns Operations error +- Ticket #321 - krbExtraData is being null modified and replicated on each ssh login - Trac Ticket #359 - Database RUV could mismatch the one in changelog under the stress -- Bug #361: Bad DNs in ACIs can segfault ns-slapd +- Ticket #361: Bad DNs in ACIs can segfault ns-slapd - Trac Ticket #338 - letters in object's cn get converted to lowercase when renaming object +- Ticket #337 - Improve CLEANRUV task + +* Sat May 5 2012 Rich Megginson - 1.2.11.3-1 +- Ticket #358 - managed entry doesn't delete linked entry -* Thu May 3 2012 Rich Megginson - 1.2.10.8-1 +* Fri May 4 2012 Rich Megginson - 1.2.11.2-1 +- Ticket #351 - use betxn plugins by default +- revert - make no plugins betxn by default - too great a risk +- for deadlocks until we can test this better - Ticket #348 - crash in ldap_initialize with multiple threads -- previous fix would crash in ldclt - this fixes that crash +- fixes PR_Init problem in ldclt -* Mon Apr 30 2012 Rich Megginson - 1.2.10.7-1 +* Wed May 2 2012 Rich Megginson - 1.2.11.1-1 +- f227f11 Suppress alert on unavailable port with forced setup +- Ticket #353 - coverity 12625-12629 - leaks, dead code, unchecked return +- Ticket #351 - use betxn plugins by default +- Trac Ticket #345 - db deadlock return should not log error - Ticket #348 - crash in ldap_initialize with multiple threads +- Ticket #214 - Adding Replication agreement should complain if required nsds5ReplicaCredentials not supplied +- Ticket #207 - [RFE] enable attribute that tracks when a password was last set +- Ticket #216 - RFE - Disable replication agreements +- Ticket #337 - RFE - Improve CLEANRUV functionality +- Ticket #326 - MemberOf plugin should work on all backends +- Trac Ticket #19 - Convert entryUSN plugin to transaction aware type - Ticket #347 - IPA dirsvr seg-fault during system longevity test - -* Tue Apr 10 2012 Rich Megginson - 1.2.10.6-1 -- Bug 808770 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) -- typo in previous patch - -* Tue Apr 10 2012 Rich Megginson - 1.2.10.5-1 -- Bug 808770 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) -- same as Ticket #336 +- Trac Ticket #310 - Avoid calling escape_string() for logged DNs +- Trac Ticket #338 - letters in object's cn get converted to lowercase when renaming object +- Ticket #183 - passwordMaxFailure should lockout password one sooner +- Trac Ticket #335 - transaction retries need to be cache aware +- Ticket #336 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) +- Ticket #325 - logconv.pl : use of getopts to parse command line options +- Ticket #336 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) +- 554e29d Coverity Fixes +- Trac Ticket #46 - (additional 2) setup-ds-admin.pl does not like ipv6 only hostnames +- Ticket #183 - passwordMaxFailure should lockout password one sooner - and should be configurable to avoid regressions +- Ticket #315 - small fix to libglobs +- Ticket #315 - ns-slapd exits/crashes if /var fills up +- Ticket #20 - Allow automember to work on entries that have already been added +- Trac Ticket #45 - Fine Grained Password policy: if passwordHistory is on, deleting the password fails. + +* Fri Mar 30 2012 Rich Megginson - 1.2.11-0.1.a1 +- 453eb97 schema def must have DESC '' - close paren must be preceded by space +- Trac Ticket #46 - (additional) setup-ds-admin.pl does not like ipv6 only hostnames +- Ticket #331 - transaction errors with db 4.3 and db 4.2 +- Ticket #261 - Add Solaris i386 +- Ticket #316 and Ticket #70 - add post add/mod and AD add callback hooks +- Ticket #324 - Sync with group attribute containing () fails +- Ticket #319 - ldap-agent crashes on start with signal SIGSEGV +- 77cacd9 coverity 12606 Logically dead code +- Trac Ticket #303 - make DNA range requests work with transactions +- Ticket #320 - allow most plugins to be betxn plugins +- Ticket #24 - Add nsTLS1 to the DS schema +- Ticket #271 - Slow shutdown when you have 100+ replication agreements +- TIcket #285 - compilation fixes for '--format-security' +- Ticket 211 - Avoid preop range requests non-DNA operations +- Ticket #271 - replication code cleanup +- Ticket 317 - RHDS fractional replication with excluded password policy attributes leads to wrong error messages. +- Ticket #308 - Automembership plugin fails if data and config area mixed in the plugin configuration +- Ticket #292 - logconv.pl reporting unindexed search with different search base than shown in access logs +- 6f8680a coverity 12563 Read from pointer after free (fix 2) +- e6a9b22 coverity 12563 Read from pointer after free +- 245d494 Config changes fail because of unknown attribute "internalModifiersname" +- Ticket #191 - Implement SO_KEEPALIVE in network calls +- Ticket #289 - allow betxn plugin config changes +- 93adf5f destroy the entry cache and dn cache in the dse post op delete callback +- e2532d8 init txn thread private data for all database modes +- Ticket #291 - cannot use & in a sasl map search filter +- 6bf6e79 Schema Reload crash fix +- 60b2d12 Fixing compiler warnings +- Trac Ticket #260 - 389 DS does not support multiple paging controls on a single connection +- Ticket #302 - use thread local storage for internalModifiersName & internalCreatorsName +- fdcc256 Minor bug fix introcuded by commit 69c9f3bf7dd9fe2cadd5eae0ab72ce218b78820e +- Ticket #306 - void function cannot return value +- ticket 181 - Allow PAM passthru plug-in to have multiple config entries +- ticket 211 - Use of uninitialized variables in ldbm_back_modify() +- Ticket #74 - Add schema for DNA plugin (RFE) +- Ticket #301 - implement transaction support using thread local storage +- Ticket #211 - dnaNextValue gets incremented even if the user addition fails +- 144af59 coverity uninit var and resource leak +- Trac Ticket #34 - remove-ds.pl does not remove everything +- Trac Ticket #169 - allow 389 to use db5 +- bc78101 fix compiler warning in acct policy plugin +- Trac Ticket #84 - 389 Directory Server Unnecessary Checkpoints +- Trac Ticket #27 - SASL/PLAIN binds do not work +- Ticket #129 - Should only update modifyTimestamp/modifiersName on MODIFYops +- Ticket #17 - new replication optimizations + +* Tue Mar 27 2012 Noriko Hosoi - 1.2.10.4-4 +- Ticket #46 - (revised) setup-ds-admin.pl does not like ipv6 only hostnames +- Ticket #66 - 389-ds-base spec file does not have a BuildRequires on gcc-c++ + +* Fri Mar 23 2012 Noriko Hosoi - 1.2.10.4-3 +- Ticket #46 - setup-ds-admin.pl does not like ipv6 only hostnames * Wed Mar 21 2012 Rich Megginson - 1.2.10.4-2 - get rid of posttrans - move update code to post @@ -359,6 +701,8 @@ fi - Ticket #281 - TLS not working with latest openldap - Trac Ticket #290 - server hangs during shutdown if betxn pre/post op fails - Trac Ticket #26 - Please support setting defaultNamingContext in the rootdse + +* Tue Feb 14 2012 Noriko Hosoi - 1.2.10.1-2 - Ticket #124 - add Provides: ldif2ldbm to rpm * Tue Feb 14 2012 Rich Megginson - 1.2.10.1-1 @@ -369,6 +713,12 @@ fi - Ticket 51 - memory leaks in 389-ds-base-1.2.8.2-1.el5? - Ticket 175 - logconv.pl improvements +* Fri Feb 10 2012 Noriko Hosoi - 1.2.10-0.10.rc1.2 +- Introducing use_db4 macro to support db5 (libdb). + +* Fri Feb 10 2012 Petr Pisar - 1.2.10-0.10.rc1.1 +- Rebuild against PCRE 8.30 + * Thu Feb 2 2012 Rich Megginson - 1.2.10-0.10.rc1 - ad9dd30 coverity 12488 Resource leak In attr_index_config(): Leak of memory or pointers to system resources - Ticket #281 - TLS not working with latest openldap @@ -425,6 +775,9 @@ fi - Ticket 1 - pre-normalize filter and pre-compile substring regex - and other optimizations - Ticket 2 - If node entries are tombstone'd, subordinate entries fail to get the full DN. +* Thu Jan 12 2012 Fedora Release Engineering - 1.2.10-0.6.a6.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + * Thu Dec 15 2011 Rich Megginson - 1.2.10-0.6.a6 - Bug 755725 - 389 programs linked against openldap crash during shutdown - Bug 755754 - Unable to start dirsrv service using systemd @@ -465,17 +818,8 @@ fi - Bug 741744 - MOD operations with chained delete/add get back error 53 on backend config - Bug 742324 - allow nsslapd-idlistscanlimit to be set dynamically and per-user -* Tue Sep 27 2011 Rich Megginson - 1.2.10.a1-0.1 -- Bug 739172 - Allow separate fractional attrs for incremental and total protocols -- 6120b3d Make all backend operations transaction aware -- 056cc35 Add support for pre/post db transaction plugins -- Bug 736712 - Modifying ruv entry deadlocks server -- Bug 590826 - Reloading database from ldif causes changelog to emit "data no longer matches" errors -- Bug 730387 - Add slapi_rwlock API and use POSIX rwlocks -- Bug 611438 - Add Account Usability Control support - -* Tue Sep 13 2011 Rich Megginson - 1.2.9.10-3 -- added back fedora-ds-base stuff so as not to break dependencies +* Wed Sep 21 2011 Rich Megginson - 1.2.10.a1-0.1 +- Bug 695736 - Providing native systemd file * Wed Sep 7 2011 Rich Megginson - 1.2.9.10-2 - corrected source @@ -534,6 +878,12 @@ fi - Bug 725542 - Instance upgrade fails when upgrading 389-ds-base package - Bug 723937 - Slapi_Counter API broken on 32-bit F15 +* Thu Jul 21 2011 Petr Sabata - 1.2.9.0-1.2 +- Perl mass rebuild + +* Wed Jul 20 2011 Petr Sabata - 1.2.9.0-1.1 +- Perl mass rebuild + * Fri Jul 15 2011 Rich Megginson - 1.2.9.0-1 - Bug 720059 - RDN with % can cause crashes or missing entries - Bug 709468 - RSA Authentication Server timeouts when using simple paged results on RHDS 8.2. @@ -563,8 +913,16 @@ fi - Bug 710377 - Import with chain-on-update crashes ns-slapd - Bug 709826 - Memory leak: when extra referrals configured -* Wed Jun 22 2011 Rich Megginson - 1.2.8.3-2 -- removed selinux dependency +* Fri Jun 17 2011 Marcela Mašláňová - 1.2.9-0.1.a1.2 +- Perl mass rebuild + +* Fri Jun 10 2011 Marcela Mašláňová - 1.2.9-0.1.a1.1 +- Perl 5.14 mass rebuild + +* Thu May 26 2011 Rich Megginson - 1.2.9-0.1.a1 +- 389-ds-base-1.2.9.a1 +- Auto Membership +- More Coverity fixes * Mon May 2 2011 Rich Megginson - 1.2.8.3-1 - 389-ds-base-1.2.8.3 @@ -594,18 +952,18 @@ fi - Bug 693451 - cannot use localized matching rules - Bug 692331 - Segfault on index update during full replication push on 1.2.7.5 -* Mon Apr 4 2011 Rich Megginson - 1.2.8-0.9.rc5 +* Mon Apr 4 2011 Rich Megginson - 1.2.8-0.10.rc5 - 389-ds-base-1.2.8.rc5 - Bug 692469 - Replica install fails after step for "enable GSSAPI for replication" -* Tue Mar 29 2011 Rich Megginson - 1.2.8-0.8.rc4 +* Tue Mar 29 2011 Rich Megginson - 1.2.8-0.9.rc4 - 389-ds-base-1.2.8.rc4 - Bug 668385 - DS pipe log script is executed as many times as the dirsrv serv ice is restarted - 389-ds-base-1.2.8.rc3 - Bug 690955 - Mrclone fails due to the replica generation id mismatch -* Tue Mar 22 2011 Rich Megginson - 1.2.8-0.7.rc2 +* Tue Mar 22 2011 Rich Megginson - 1.2.8-0.8.rc2 - 389-ds-base-1.2.8 release candidate 2 - git tag 389-ds-base-1.2.8.rc2 - Bug 689537 - (cov#10610) Fix Coverity NULL pointer dereferences - Bug 689866 - ns-newpwpolicy.pl needs to use the new DN format @@ -618,6 +976,9 @@ ice is restarted - Bug 644784 - Memory leak in "testbind.c" plugin - Bug 680558 - Winsync plugin fails to restrain itself to the configured subtree +* Mon Mar 7 2011 Caolán McNamara - 1.2.8-0.7.rc1 +- rebuild for icu 4.6 + * Wed Mar 2 2011 Rich Megginson - 1.2.8-0.6.rc1 - 389-ds-base-1.2.8 release candidate 1 - git tag 389-ds-base-1.2.8.rc1 - Bug 518890 - setup-ds-admin.pl - improve hostname validation @@ -662,6 +1023,9 @@ es ice is restarted - Bug 675853 - dirsrv crash segfault in need_new_pw() +* Mon Feb 07 2011 Fedora Release Engineering - 1.2.8-0.2.a2.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + * Thu Feb 3 2011 Rich Megginson - 1.2.8-0.2.a2 - 1.2.8.a2 release - git tag 389-ds-base-1.2.8.a2 - Bug 674430 - Improve error messages for attribute uniqueness @@ -687,6 +1051,9 @@ ice is restarted - 1.2.7.5 release - git tag 389-ds-base-1.2.7.5 - Bug 663597 - Memory leaks in normalization code +* Tue Dec 14 2010 Rich Megginson - 1.2.7.4-2 +- Resolves: bug 656541 - use %ghost on files in /var/lock + * Fri Dec 10 2010 Rich Megginson - 1.2.7.4-1 - 1.2.7.4 release - git tag 389-ds-base-1.2.7.4 - Bug 661792 - Valid managed entry config rejected @@ -704,6 +1071,9 @@ ice is restarted - Bug 658312 - Allow mapped attribute types to be quoted - Bug 197886 - Avoid overflow of UUID generator +* Tue Nov 23 2010 Rich Megginson - 1.2.7.1-2 +- last commit had bogus commit log + * Tue Nov 23 2010 Rich Megginson - 1.2.7.1-1 - 1.2.7.1 release - git tag 389-ds-base-1.2.7.1 - Bug 656515 - Allow Name and Optional UID syntax for grouping attributes diff --git a/sources b/sources index 47a3da5..157c95c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -fb524ff20bbee0a2eab8413f15fd8cbf 389-ds-base-1.2.10.14.tar.bz2 +1219ba5429c63bcdd2190a24be8d27ec 389-ds-base-1.2.11.23.tar.bz2