diff --git a/389-ds-base-git-local.sh b/389-ds-base-git-local.sh index 5f63ffa..a6198cd 100644 --- a/389-ds-base-git-local.sh +++ b/389-ds-base-git-local.sh @@ -2,7 +2,7 @@ DATE=`date +%Y%m%d` # use a real tag name here -VERSION=1.2.11.24 +VERSION=1.2.11.25 PKGNAME=389-ds-base TAG=${TAG:-$PKGNAME-$VERSION} #SRCNAME=$PKGNAME-$VERSION-$DATE diff --git a/389-ds-base-git.sh b/389-ds-base-git.sh index a6d0a6c..e13743f 100644 --- a/389-ds-base-git.sh +++ b/389-ds-base-git.sh @@ -2,7 +2,7 @@ DATE=`date +%Y%m%d` # use a real tag name here -VERSION=1.2.11.24 +VERSION=1.2.11.25 PKGNAME=389-ds-base TAG=${TAG:-$PKGNAME-$VERSION} URL="http://git.fedorahosted.org/git/?p=389/ds.git;a=snapshot;h=$TAG;sf=tgz" diff --git a/389-ds-base.spec b/389-ds-base.spec index 03d9c34..3c0f428 100644 --- a/389-ds-base.spec +++ b/389-ds-base.spec @@ -9,7 +9,7 @@ Summary: 389 Directory Server (base) Name: 389-ds-base -Version: 1.2.11.24 +Version: 1.2.11.25 Release: %{?relprefix}1%{?prerel}%{?dist} License: GPLv2 with exceptions URL: http://port389.org/ @@ -319,23 +319,297 @@ exit 0 %{_libdir}/%{pkgname}/libslapd.so.* %changelog -* Fri Oct 4 2013 Rich Megginson - 1.2.11.24-1 -- rebase to 1.2.11.24 - -* Tue Oct 16 2012 Rich Megginson - 1.2.10.14-2 -- Trac Ticket #340 - Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl - -* Wed Jul 18 2012 Rich Megginson - 1.2.10.14-1 -- Ticket #410 - Referential integrity plug-in does not work when update interval is not zero - -* Mon Jul 16 2012 Rich Megginson - 1.2.10.13-1 -- Ticket #406 - Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled -- Ticket #405 - referint modrdn not working if case is different - -* Wed Jun 27 2012 Rich Megginson - 1.2.10.12-1 +* Thu Nov 21 2013 Rich Megginson - 1.2.11.25-1 +- Ticket #47605 CVE-2013-4485: DoS due to improper handling of ger attr searches +- Ticket #47596 attrcrypt fails to find unlocked key +- Revert "Ticket #47559 hung server - related to sasl and initialize" +- Ticket #47585 Replication Failures related to skipped entries due to cleaned rids +- Ticket #47581 - Winsync plugin segfault during incremental backoff (phase 2) +- Ticket #47581 - Winsync plugin segfault during incremental backoff +- Ticket 47577 - crash when removing entries from cache +- Ticket #47559 hung server - related to sasl and initialize +- fe52f44 ticket #47550 wip +- Ticket #47550 logconv: failed logins: Use of uninitialized value in numeric comparison at logconv.pl line 949 +- Ticket #47551 logconv: -V does not produce unindexed search report +- Ticket 47517 - fix memory leak in ldbm_delete.c +- Ticket #47488 - Users from AD sub OU does not sync to IPA +- minor fixes for bdb 4.2/4.3 and mozldap +- Tickets: 47510 & 47543 - 389 fails to build when using Mozldap + +* Tue Oct 15 2013 Rich Megginson - 1.2.11.23-3.1 +- add mutex around ldap ssl functions/bind/unbind + +* Wed Oct 2 2013 Rich Megginson - 1.2.11.23-3 +- bump version to rebuild again + +* Wed Oct 2 2013 Rich Megginson - 1.2.11.23-2 +- forgot to bump the source version + +* Wed Oct 2 2013 Rich Megginson - 1.2.11.23-1 +- Ticket #422 - 389-ds-base - Can't call method "getText" +- Ticket 47509 - CLEANALLRUV doesnt run across all replicas +- Ticket 47533 logconv: some stats do not work across server restarts +- Ticket #47501 logconv.pl uses /var/tmp for BDB temp files +- Ticket 47520 - Fix various issues with logconv.pl +- Ticket #47387 - improve logconv.pl performance with large access logs +- Ticket 47354 - Indexed search are logged with 'notes=U' in the access logs +- Ticket 47461 - logconv.pl - Use of comma-less variable list is deprecated +- Ticket 47447 - logconv.pl man page missing -m,-M,-B,-D +- Ticket #47348 - add etimes to per second/minute stats +- Ticket #47341 - logconv.pl -m time calculation is wrong +- Ticket #47336 - logconv.pl -m not working for all stats +- Ticket 611 - logconv.pl missing stats for StartTLS, LDAPI, and AUTOBIND +- TIcket 419 - logconv.pl - improve memory management +- Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used +- Ticket 539 - logconv.pl should handle microsecond timing +- Ticket #356 - RFE - Track bind info +- Ticket #47534 - RUV tombstone search with scope "one" doesn`t work +- Ticket 47489 - Under specific values of nsDS5ReplicaName, replication may get broken or updates missing +- Ticket #47523 - Set up replcation/agreement before initializing the sub suffix, the sub suffix is not found by ldapsearch +- Ticket #47504 idlistscanlimit per index/type/value +- Ticket #47492 - PassSync removes User must change password flag on the Windows side +- Ticket #47516 replication stops with excessive clock skew +- Bug 999634 - ns-slapd crash due to bogus DN + +* Fri Aug 2 2013 Rich Megginson - 1.2.11.22-3 +- use socket6 instead of socket + +* Thu Aug 1 2013 Rich Megginson - 1.2.11.22-2 +- remove the dependency and conflict with selinux versions + +* Wed Jul 31 2013 Rich Megginson - 1.2.11.22-1 +- 89a98eb fix coverity 11895 - null deref - caused by fix to ticket 47392 +- 9750ea7 fix compiler warning in posix winsync code for posix_group_del_memberuid_callback +- 12d47a2 Fix compiler warnings for Ticket 47395 and 47397 +- d9a1c7b fix compiler warning +- 855d289 Ticket #543 - Sorting with attributes in ldapsearch gives incorrect result +- CVE-2013-2219 ACLs inoperative in some search scenarios +- Ticket #47378 - fix recent compiler warnings +- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold +- Ticket 47449 - deadlock after adding and deleting entries +- Ticket 47421 - memory leaks in set_krb5_creds +- Ticket 47441 - Disk Monitoring not checking filesystem with logs +- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold +- Ticket #47435 - Very large entryusn values after enabling the USN plugin and the lastusn value is negative. +- Ticket #47424 - Replication problem with add-delete requests on single-valued attributes +- Ticket #47428 - Memory leak in 389-ds-base 1.2.11.15 +- Ticket #47392 - ldbm errors when adding/modifying/deleting entries +- Ticket 47385 - Disk Monitoring is not triggered as expected. +- Ticket #47410 - changelog db deadlocks with DNA and replication +- Ticket #47409 - allow setting db deadlock rejection policy +- Ticket #47412 - Modify RUV should be serialized in ldbm_back_modify/add +- Ticket #47409 - allow setting db deadlock rejection policy +- Ticket 47393 - Attribute are not encrypted on a consumer after a full initialization +- Ticket 47396 - crash on modrdn of tombstone +- Ticket 47395 47397 v2 correct behaviour of account policy if only stateattr is configured or no alternate attr is configured +- Ticket #47402 - Attribute names are incorrect in search results +- Ticket #47391 - deleting and adding userpassword fails to update the password +- e3b8e2f Coverity Fixes (Part 7) +- Ticket 47376 - DESC should not be empty as per RFC 2252 (ldapv3) +- Ticket #47375 - flush_ber error sending back start_tls response will deadlock +- Ticket #47377 - make listen backlog size configurable +- Ticket #47367 - (phase 1) ldapdelete returns non-leaf entry error while trying to remove a leaf entry +- Ticket 47383 - connections attribute in cn=snmp,cn=monitor is counted twice +- Ticket 47385 - DS not shutting down when disk monitoring threshold is reached +- Ticket #47378 - fix recent compiler warnings +- 9ac276a Coverity Fixes (Part 5) +- 3ab5aba Coverity Fixes (Part 4) +- 36f2572 Coverity Fixes (Part 3) +- 41a8827 Coverity Fixes (Part 2) +- f771f95 Coverity Fixes (part 1) +- Ticket 580 - Wrong error code return when using EXTERNAL SASL and no client certificate +- Ticket #47349 - DS instance crashes under a high load +- Ticket #47359 - new ldap connections can block ldaps and ldapi connections +- Ticket #47327 - error syncing group if group member user is not synced +- Ticket #47362 - ipa upgrade selinuxusermap data not replicating +- Ticket 47361 - Empty control list causes LDAP protocol error is thrown +- Trac Ticket #531 - loading an entry from the database should use str2entry_fast +- Ticket #47347 - Simple paged results should support async search +- Ticket 623 - cleanAllRUV task fails to cleanup config upon completion +- 6abec15 Coverity fix 13139 - Dereference after NULL check in slapi_attr_value_normalize_ext() + +* Tue Apr 9 2013 Mark Reynolds - 1.2.11.21-1 +9a7ba7d bump verison to 1.2.11.21 +Ticket 47318 - server fails to start after upgrade(schema error) + +* Wed Mar 28 2013 Noriko Hosoi - 1.2.11.20-1 +46bfabb bump version to 1.2.11.20 +Ticket 623 - cleanAllRUV task fails to cleanup config upon completion +Ticket #47308 - unintended information exposure when anonymous access is set to rootdse +Ticket 628 - crash in aci evaluation +Ticket #627 - ns-slapd crashes sporadically with segmentation fault in libslapd.so +Ticket #634 - Deadlock in DNA plug-in +f6a6514 Coverity issue 13091 +Ticket 632 - 389-ds-base cannot handle Kerberos tickets with PAC +Ticket 623 - cleanAllRUV task fails to cleanup config upon completion + +* Mon Mar 11 2013 Mark Reynolds - 1.2.11.19-1 +c535f7d bump version to 1.2.11.19 +Bug 912964 - CVE-2013-0312 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data +Ticket 590 - ns-slapd segfaults while trying to delete a tombstone entry +Ticket 518 - dse.ldif is 0 length after server kill or machine kill +Ticket #579 - Error messages encountered when using POSIX winsync +Ticket #576 - DNA: use event queue for config update only at the start up +Ticket 367 - Invalid chaining config triggers a disk full error and shutdown +Ticket 570 - DS returns error 20 when replacing values of a multi-valued attribute (only when replication is enabled) +Bug 906005 - Valgrind reports memleak in modify_update_last_modified_attr +Ticket #572 - PamConfig schema not updated during upgrade + +* Thu Jan 24 2013 Mark Reynolds - 1.2.11.18-1 +12420d9 bump version to 1.2.11.18 +Ticket 556 - Don't overwrite certmap.conf during upgrade +Ticket 495 - 1.2.11 - plugin dn is missing from pblock +Ticket 549 - DNA plugin no longer reports additional info when range is depleted +Ticket 541 - need to set plugin as off in ldif template +Ticket 541 - RootDN Access Control plugin is missing after upgrade +Ticket 527 - ns-slapd segfaults if it cannot rename the logs +39b0938 Coverity Issues for 1.2.11 +Ticket 216 - disable replication agreements +Ticket 20 - Allow automember to work on entries that have already been added +7d22bc2 Coverity Fixes +Ticket 337 - improve CLEANRUV functionality +Ticket 495 - internalModifiersname not updated by DNA plugin +Ticket 517 - crash in DNA if no dnaMagicRegen is specified +Trac Ticket #520 - RedHat Directory Server crashes (segfaults) when moving ldap entry +Trac Ticket #519 - Search with a complex filter including range search is slow +Trac Ticket #500 - Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error +Ticket #503 - Improve AD version in winsync log message +Trac Ticket #498 - Cannot abaondon simple paged result search +55997a6 Coverity defects +Trac Ticket #494 - slapd entered to infinite loop during new index addition +56ebbb2 Fixing compiler warnings in the posix-winsync plugin +a57d913 Coverity defects +Ticket 468 - if pam_passthru is enabled, need to AC_CHECK_HEADERS([security/pam_appl.h]) +Ticket 486 - nsslapd-enablePlugin should not be multivalued +Ticket 488 - Doc: DS error log messages with typo +Ticket #491 - multimaster_extop_cleanruv returns wrong error codes + +* Mon Dec 10 2012 Mark Reynolds - 1.2.11.17-1 +- 94d5ea3 bump verison to 1.2.11.17 +- Ticket 527 - ns-slapd segfaults if it cannot rename the logs +- 39b0938 Coverity Issues for 1.2.11 +- Ticket 216 - disable replication agreements +- Ticket 20 - Allow automember to work on entries that have already been added +- 7d22bc2 Coverity Fixes +- Ticket 337 - improve CLEANRUV functionality +- Ticket 495 - internalModifiersname not updated by DNA plugin +- Ticket 517 - crash in DNA if no dnaMagicRegen is specified +- Trac Ticket #520 - RedHat Directory Server crashes (segfaults) when moving ldap entry +- Trac Ticket #519 - Search with a complex filter including range search is slow +- Trac Ticket #500 - Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error +- Ticket #503 - Improve AD version in winsync log message +- Trac Ticket #498 - Cannot abaondon simple paged result search +- 55997a6 Coverity defects +- Trac Ticket #494 - slapd entered to infinite loop during new index addition +- 56ebbb2 Fixing compiler warnings in the posix-winsync plugin +- a57d913 Coverity defects +- Ticket 468 - if pam_passthru is enabled, need to AC_CHECK_HEADERS([security/pam_appl.h]) +- Ticket 486 - nsslapd-enablePlugin should not be multivalued +- Ticket 488 - Doc: DS error log messages with typo +- Ticket #491 - multimaster_extop_cleanruv returns wrong error codes + +* Wed Oct 10 2012 Noriko Hosoi - 1.2.11.16-1 +- Ticket 340 - Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl +- Ticket 446 - anonymous limits are being applied to directory manager +- Ticket 478 - passwordTrackUpdateTime stops working with subtree password policies +- Ticket 481 - expand nested posix groups +- Ticket 485 - Dirsrv deadlock locking up IPA + +* Tue Sep 25 2012 Rich Megginson - 1.2.11.15-1 +- Ticket 470 - 389 prevents from adding a posixaccount with userpassword after schema reload +- Ticket 477 - CLEANALLRUV if there are only winsync agmts task will hang +- Ticket 457 - dirsrv init script returns 0 even when few or all instances fail to start +- Ticket 473 - change VERSION.sh to have console version be major.minor +- Ticket 475 - Root DN Access Control - improve value checking for config +- Trac Ticket #466 - entry_apply_mod - ADD: Failed to set unhashed#user#password to extension +- Ticket 474 - Root DN Access Control - days allowed not working correctly +- Ticket 467 - CLEANALLRUV abort task should be able to ignore down replicas +- 0b79915 fix compiler warnings in ticket 374 code +- Ticket 452 - automember rebuild task adds users to groups that do not match the configuration scope + +* Fri Sep 7 2012 Rich Megginson - 1.2.11.14-1 +- Ticket 450 - CLEANALLRUV task gets stuck on winsync replication agreement +- Ticket 386 - large memory growth with ldapmodify(heap fragmentation) +- this patch doesn't fix the bug - it allows us to experiment with +- different values of mxfast +- Ticket #374 - consumer can go into total update mode for no reason + +* Tue Sep 4 2012 Rich Megginson - 1.2.11.13-1 +- Ticket #426 - support posix schema for user and group sync +- 1) plugin config ldif must contain pluginid, etc. during upgrade or it +- will fail due to schema errors +- 2) posix winsync should have a lower precedence (25) than the default (50) +- so that it will be run first +- 3) posix winsync should support the Winsync API v3 - the v2 functions are +- just stubs for now - but the precedence cb is active + +* Thu Aug 30 2012 Rich Megginson - 1.2.11.12-1 +- 8e5087a Coverity defects - 13089: Dereference after null check ldbm_back_delete +- Trac Ticket #437 - variable dn should not be used in ldbm_back_delete +- ba1f5b2 fix coverity resource leak in windows_plugin_add +- e3e81db Simplify program flow: change while loops to for +- a0d5dc0 Fix logic errors: del_mod should be latched (might not be last mod), and avoid skipping add-mods (int value 0) +- 0808f7e Simplify program flow: make adduids/moduids/deluids action blocks all similar +- 77eb760 Simplify program flow: eliminate unnecessary continue +- c9e9db7 Memory leaks: unmatched slapi_attr_get_valueset and slapi_value_new +- a4ca0cc Change "return"s in modGroupMembership to "break"s to avoid leaking +- d49035c Factorize into new isPosixGroup function +- 3b61c03 coverity - posix winsync mem leaks, null check, deadcode, null ref, use after free +- 33ce2a9 fix mem leaks with parent dn log message, setting winsync windows domain +- Ticket #440 - periodic dirsync timed event causes server to loop repeatedly +- Ticket #355 - winsync should not delete entry that appears to be out of scope +- Ticket 436 - nsds5ReplicaEnabled can be set with any invalid values. +- 487932d coverity - mbo dead code - winsync leaks, deadcode, null check, test code +- 2734a71 CLEANALLRUV coverity fixes +- Ticket #426 - support posix schema for user and group sync +- Ticket #430 - server to server ssl client auth broken with latest openldap + +* Mon Aug 20 2012 Mark Reynolds - 1.2.11.11-1 +6c0778f bumped version to 1.2.11.11 +Ticket 429 - added nsslapd-readonly to DS schema +Ticket 403 - fix CLEANALLRUV regression from last commit +Trac Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values + +* Tue Aug 15 2012 Mark Reynolds - 1.2.11.10-1 +db6b354 bumped version to 1.2.11.10 +Ticket 403 - CLEANALLRUV revisions + +* Tue Aug 7 2012 Mark Reynolds - 1.2.11.9-1 +ea05e69 Bumped version to 1.2.11.9 +Ticket 407 - dna memory leak - fix crash from prev fix + +* Fri Aug 3 2012 Mark Reynolds - 1.2.11.8-1 +ddcf669 bump version to 1.2.11.8 for offical release +Ticket #425 - support multiple winsync plugins +Ticket 403 - cleanallruv coverity fixes +Ticket 407 - memory leak in dna plugin +Ticket 403 - CLEANALLRUV feature +Ticket 413 - "Server is unwilling to perform" when running ldapmodify on nsds5ReplicaStripAttrs +3168f04 Coverity defects +5ff0a02 COVERITY FIXES +Ticket #388 - Improve replication agreement status messages +0760116 Update the slapi-plugin documentation on new slapi functions, and added a slapi function for checking on shutdowns +Ticket #369 - restore of replica ldif file on second master after deleting two records shows only 1 deletion +Ticket #409 - Report during startup if nsslapd-cachememsize is too small +Ticket #412 - memberof performance enhancement +12813: Uninitialized pointer read string_values2keys +Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values +Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values +Ticket #410 - Referential integrity plug-in does not work when update interval is not zero +Ticket #406 - Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled +Ticket #405 - referint modrdn not working if case is different +Ticket 399 - slapi_ldap_bind() doesn't check bind results + +* Wed Jul 18 2012 Fedora Release Engineering - 1.2.11.7-2.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jun 28 2012 Petr Pisar - 1.2.11.7-2.1 +- Perl 5.16 rebuild + +* Wed Jun 27 2012 Rich Megginson - 1.2.11.7-2 - Ticket 378 - unhashed#user#password visible after changing password -- fix typo in previous patch -- Trac Ticket 396 - Account Usability Control Not Working +- fix func declaration from previous patch +- Ticket 366 - Change DS to purge ticket from krb cache in case of authentication error * Tue Jun 26 2012 Rich Megginson - 1.2.10.11-1 - rebase to 1.2.10.11 to pick up several crash + security fixes diff --git a/sources b/sources index 0bc122c..a64c95d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -fcfbf17ce381f77b9608663cbd30cd1f 389-ds-base-1.2.11.24.tar.bz2 +adb6ac765fe2b766f06ee920126a06d2 389-ds-base-1.2.11.25.tar.bz2