From ba0bbbcabfbc7825f8dfeee1750beadbe910c3ea Mon Sep 17 00:00:00 2001 From: Daniel Steiner Date: Tue, 8 Feb 2022 08:06:59 +0100 Subject: [PATCH] Update ds-389 to 2.0.x --- centos/SPECS/389-ds-base.spec | 793 ++++++++++++++++++++++++++-------- 1 file changed, 619 insertions(+), 174 deletions(-) diff --git a/centos/SPECS/389-ds-base.spec b/centos/SPECS/389-ds-base.spec index a57e817..a7122fc 100644 --- a/centos/SPECS/389-ds-base.spec +++ b/centos/SPECS/389-ds-base.spec @@ -1,36 +1,31 @@ + %global pkgname dirsrv %global srcname 389-ds-base -%global bundle_jemalloc 1 -%if %{bundle_jemalloc} -%global jemalloc_name jemalloc -%global jemalloc_ver 5.2.1 -%endif +# Exclude i686 bit arches +ExcludeArch: i686 # for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release # also remove the space between % and global - this space is needed because # fedpkg verrel stupidly ignores comment lines -%global prerel %{nil} +#% global prerel .rc3 # also need the relprefix field for a pre-release e.g. .0 - also comment out for official release #% global relprefix 0. # If perl-Socket-2.000 or newer is available, set 0 to use_Socket6. %global use_Socket6 0 -# This enables a sanitized build. This should not go to production, so we rename. %global use_asan 0 -%global use_msan 0 -%global use_tsan 0 -%global use_ubsan 0 +%global use_rust 1 +%global bundle_jemalloc 1 +%if %{use_asan} +%global bundle_jemalloc 0 +%endif -# This enables rust in the build. -%global use_rust 0 - -%define nspr_version 4.6 -%define nss_version 3.11 - -%if %{use_asan} || %{use_msan} || %{use_tsan} || %{use_ubsan} -%global variant base-xsan +%if %{bundle_jemalloc} +%global jemalloc_name jemalloc +%global jemalloc_ver 5.2.1 +%global __provides_exclude ^libjemalloc\\.so.*$ %endif # Use Clang instead of GCC 
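Review bot: The comment and the `variant` rename that marked sanitizer builds as non-production are dropped around `%global use_asan 0`, so a build with `use_asan` set to 1 is no longer flagged in the package Summary (a later hunk hard-codes `(base)`). Only the `%description` warning remains, and that is easy to miss in a repository listing. Consider keeping a one-line comment above the toggle, for example `# ASAN build is for debugging only and must not be shipped to production`. The spec preamble continues outside this hunk.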
@@ -49,21 +44,115 @@ # set PIE flag %global _hardened_build 1 -Summary: 389 Directory Server (%{variant}) +# Filter argparse-manpage from autogenerated package Requires +%global __requires_exclude ^python.*argparse-manpage + +# Force to require nss version greater or equal as the version available at the build time +# See bz1986327 +%define dirsrv_requires_ge() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") + +Summary: 389 Directory Server (base) Name: 389-ds-base -Version: 1.4.4.16 -Release: %{?relprefix}2%{?prerel}%{?dist} -License: GPLv3+ -URL: https://www.port389.org/ -Group: System Environment/Daemons +Version: 2.0.14 +Release: %{?relprefix}1%{?prerel}%{?dist} +License: GPLv3+ and (ASL 2.0 or MIT) +URL: https://www.port389.org Conflicts: selinux-policy-base < 3.9.8 Conflicts: freeipa-server < 4.0.3 Obsoletes: %{name} <= 1.4.0.9 Obsoletes: %{name}-legacy-tools < 1.4.4.6 Obsoletes: %{name}-legacy-tools-debuginfo < 1.4.4.6 -Provides: ldif2ldbm +Provides: ldif2ldbm >= 0 + +##### Bundled cargo crates list - START ##### +Provides: bundled(crate(ahash)) = 0.7.6 +Provides: bundled(crate(ansi_term)) = 0.12.1 +Provides: bundled(crate(atty)) = 0.2.14 +Provides: bundled(crate(autocfg)) = 1.0.1 +Provides: bundled(crate(base64)) = 0.13.0 +Provides: bundled(crate(bitflags)) = 1.3.2 +Provides: bundled(crate(byteorder)) = 1.4.3 +Provides: bundled(crate(cbindgen)) = 0.9.1 +Provides: bundled(crate(cc)) = 1.0.72 +Provides: bundled(crate(cfg-if)) = 1.0.0 +Provides: bundled(crate(clap)) = 2.34.0 +Provides: bundled(crate(concread)) = 0.2.21 +Provides: bundled(crate(crossbeam)) = 0.8.1 +Provides: bundled(crate(crossbeam-channel)) = 0.5.2 +Provides: bundled(crate(crossbeam-deque)) = 0.8.1 +Provides: bundled(crate(crossbeam-epoch)) = 0.9.6 +Provides: bundled(crate(crossbeam-queue)) = 0.3.3 +Provides: bundled(crate(crossbeam-utils)) = 0.8.6 +Provides: bundled(crate(entryuuid)) = 
0.1.0 +Provides: bundled(crate(entryuuid_syntax)) = 0.1.0 +Provides: bundled(crate(fastrand)) = 1.7.0 +Provides: bundled(crate(fernet)) = 0.1.4 +Provides: bundled(crate(foreign-types)) = 0.3.2 +Provides: bundled(crate(foreign-types-shared)) = 0.1.1 +Provides: bundled(crate(getrandom)) = 0.2.4 +Provides: bundled(crate(hashbrown)) = 0.11.2 +Provides: bundled(crate(hermit-abi)) = 0.1.19 +Provides: bundled(crate(instant)) = 0.1.12 +Provides: bundled(crate(itoa)) = 1.0.1 +Provides: bundled(crate(jobserver)) = 0.1.24 +Provides: bundled(crate(lazy_static)) = 1.4.0 +Provides: bundled(crate(libc)) = 0.2.115 +Provides: bundled(crate(librnsslapd)) = 0.1.0 +Provides: bundled(crate(librslapd)) = 0.1.0 +Provides: bundled(crate(lock_api)) = 0.4.5 +Provides: bundled(crate(log)) = 0.4.14 +Provides: bundled(crate(lru)) = 0.7.2 +Provides: bundled(crate(memoffset)) = 0.6.5 +Provides: bundled(crate(once_cell)) = 1.9.0 +Provides: bundled(crate(openssl)) = 0.10.38 +Provides: bundled(crate(openssl-sys)) = 0.9.72 +Provides: bundled(crate(parking_lot)) = 0.11.2 +Provides: bundled(crate(parking_lot_core)) = 0.8.5 +Provides: bundled(crate(paste)) = 0.1.18 +Provides: bundled(crate(paste-impl)) = 0.1.18 +Provides: bundled(crate(pin-project-lite)) = 0.2.8 +Provides: bundled(crate(pkg-config)) = 0.3.24 +Provides: bundled(crate(ppv-lite86)) = 0.2.16 +Provides: bundled(crate(proc-macro-hack)) = 0.5.19 +Provides: bundled(crate(proc-macro2)) = 1.0.36 +Provides: bundled(crate(pwdchan)) = 0.1.0 +Provides: bundled(crate(quote)) = 1.0.15 +Provides: bundled(crate(rand)) = 0.8.4 +Provides: bundled(crate(rand_chacha)) = 0.3.1 +Provides: bundled(crate(rand_core)) = 0.6.3 +Provides: bundled(crate(rand_hc)) = 0.3.1 +Provides: bundled(crate(redox_syscall)) = 0.2.10 +Provides: bundled(crate(remove_dir_all)) = 0.5.3 +Provides: bundled(crate(ryu)) = 1.0.9 +Provides: bundled(crate(scopeguard)) = 1.1.0 +Provides: bundled(crate(serde)) = 1.0.136 +Provides: bundled(crate(serde_derive)) = 1.0.136 +Provides: 
bundled(crate(serde_json)) = 1.0.78 +Provides: bundled(crate(slapd)) = 0.1.0 +Provides: bundled(crate(slapi_r_plugin)) = 0.1.0 +Provides: bundled(crate(smallvec)) = 1.8.0 +Provides: bundled(crate(strsim)) = 0.8.0 +Provides: bundled(crate(syn)) = 1.0.86 +Provides: bundled(crate(synstructure)) = 0.12.6 +Provides: bundled(crate(tempfile)) = 3.3.0 +Provides: bundled(crate(textwrap)) = 0.11.0 +Provides: bundled(crate(tokio)) = 1.15.0 +Provides: bundled(crate(tokio-macros)) = 1.7.0 +Provides: bundled(crate(toml)) = 0.5.8 +Provides: bundled(crate(unicode-width)) = 0.1.9 +Provides: bundled(crate(unicode-xid)) = 0.2.2 +Provides: bundled(crate(uuid)) = 0.8.2 +Provides: bundled(crate(vcpkg)) = 0.2.15 +Provides: bundled(crate(vec_map)) = 0.8.2 +Provides: bundled(crate(version_check)) = 0.9.4 +Provides: bundled(crate(wasi)) = 0.10.2+wasi_snapshot_preview1 +Provides: bundled(crate(winapi)) = 0.3.9 +Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0 +Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0 +Provides: bundled(crate(zeroize)) = 1.5.1 +Provides: bundled(crate(zeroize_derive)) = 1.3.1 +##### Bundled cargo crates list - END ##### -# Attach the buildrequires to the top level package: BuildRequires: nspr-devel BuildRequires: nss-devel >= 3.34 BuildRequires: openldap-devel @@ -76,19 +165,13 @@ BuildRequires: cracklib-devel %if %{use_clang} BuildRequires: libatomic BuildRequires: clang -BuildRequires: compiler-rt %else BuildRequires: gcc BuildRequires: gcc-c++ %endif -%if %{use_tsan} -BuildRequires: libtsan -%endif -%if %{use_ubsan} -BuildRequires: libubsan -%endif # The following are needed to build the snmp ldap-agent BuildRequires: net-snmp-devel +BuildRequires: lm_sensors-devel BuildRequires: bzip2-devel BuildRequires: zlib-devel BuildRequires: openssl-devel 
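Review bot: `dirsrv_requires_ge` is defined at the top of the `@@ -49,21 +44,115 @@` hunk but is not invoked in any hunk visible here, so the stated goal of requiring at least the build-time NSS version is not met as shown. The main package still carries the static `Requires: nss >= 3.34`, and the `%package libs` hunk further down drops its `Requires: nss >= 3.34` with no replacement. If the call sits outside the shown hunks this can be ignored; otherwise, going by the macro's definition, a line such as `%{dirsrv_requires_ge nss}` in the main and `libs` packages would apply it.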
@@ -96,6 +179,9 @@ BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: systemd-units BuildRequires: systemd-devel +%if %{use_asan} +BuildRequires: libasan +%endif # If rust is enabled %if %{use_rust} BuildRequires: cargo @@ -104,6 +190,7 @@ BuildRequires: rust BuildRequires: pkgconfig BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(krb5) + # Needed to support regeneration of the autotool artifacts. BuildRequires: autoconf BuildRequires: automake 
@@ -113,112 +200,110 @@ BuildRequires: doxygen # For tests! BuildRequires: libcmocka-devel BuildRequires: libevent-devel -# For lib389 and related components. -BuildRequires: python%{python3_pkgversion} +# For lib389 and related components BuildRequires: python%{python3_pkgversion}-devel BuildRequires: python%{python3_pkgversion}-setuptools BuildRequires: python%{python3_pkgversion}-ldap +BuildRequires: python%{python3_pkgversion}-six BuildRequires: python%{python3_pkgversion}-pyasn1 BuildRequires: python%{python3_pkgversion}-pyasn1-modules BuildRequires: python%{python3_pkgversion}-dateutil BuildRequires: python%{python3_pkgversion}-argcomplete BuildRequires: python%{python3_pkgversion}-argparse-manpage -BuildRequires: python%{python3_pkgversion}-policycoreutils BuildRequires: python%{python3_pkgversion}-libselinux +BuildRequires: python%{python3_pkgversion}-policycoreutils # For cockpit %if %{use_cockpit} BuildRequires: rsync -BuildRequires: npm -BuildRequires: nodejs %endif -# END BUILD REQUIRES - -# Now, attach the requires only to the package that needs them. -# -libs has most of our runtime libs Requires: %{name}-libs = %{version}-%{release} -%if 0%{?rhel} > 7 || 0%{?fedora} Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release} -%endif # this is needed for using semanage from our setup scripts Requires: policycoreutils-python-utils -# This is needed for our future move to python selinux interaction. 
+Requires: /usr/sbin/semanage Requires: libsemanage-python%{python3_pkgversion} + +Requires: selinux-policy + # the following are needed for some of our scripts Requires: openldap-clients +Requires: /usr/bin/c_rehash +Requires: python%{python3_pkgversion}-ldap + # this is needed to setup SSL if you are not using the # administration server package Requires: nss-tools Requires: nss >= 3.34 + # these are not found by the auto-dependency method # they are required to support the mandatory LDAP SASL mechs Requires: cyrus-sasl-gssapi Requires: cyrus-sasl-md5 -# This is optionally supported by us, as we use it in our tests Requires: cyrus-sasl-plain -# this is needed for verify-db.pl and backldbm + +# this is needed for verify-db.pl Requires: libdb-utils -Requires: libdb -# This picks up libperl.so as a Requires, so we add this versioned one -Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) + +# Needed for password dictionary checks +Requires: cracklib-dicts + # Needed by logconv.pl Requires: perl-DB_File Requires: perl-Archive-Tar -# Needed for password dictionary checks -Requires: cracklib-dicts +%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9 +Requires: perl-debugger +Requires: perl-sigtrap +%endif + # Picks up our systemd deps. %{?systemd_requires} -Source0: %{name}-%{version}%{?prerel}.tar.bz2 +Obsoletes: %{name} <= 1.3.5.4 + +Source0: https://releases.pagure.org/389-ds-base/%{name}-%{version}%{?prerel}.tar.bz2 # 389-ds-git.sh should be used to generate the source tarball from git Source1: %{name}-git.sh Source2: %{name}-devel.README +%if %{bundle_jemalloc} Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2 -Source4: ds-389-cockpit-console.tar.gz +%endif + +# Remove this after rust-1.56 lands in repos +%if 0%{?rhel} == 8 +Patch0: concread-use-2018-edition.patch +%endif %description 389 Directory Server is an LDAPv3 compliant server. 
The base package includes the LDAP server and command line utilities for server administration. %if %{use_asan} WARNING! This build is linked to Address Sanitisation libraries. This probably -isnt what you want. Please contact support immediately. +isn't what you want. Please contact support immediately. Please see http://seclists.org/oss-sec/2016/q1/363 for more information. %endif - %package libs -Summary: Core libraries for 389 Directory Server (%{variant}) -Group: System Environment/Daemons -Provides: svrcore = 4.1.4 -Obsoletes: svrcore <= 4.1.3 -Conflicts: svrcore -# You can work this out by running LDD on libslapd.so to see what it needs in -# isolation. -Requires: nss >= 3.34 -Requires: nspr -Requires: openldap -Requires: libevent -Requires: systemd-libs -# Pull in sasl -Requires: cyrus-sasl-lib -# KRB +Summary: Core libraries for 389 Directory Server +BuildRequires: nspr-devel +BuildRequires: nss-devel >= 3.34 +BuildRequires: openldap-devel +BuildRequires: libdb-devel +BuildRequires: cyrus-sasl-devel +BuildRequires: libicu-devel +BuildRequires: pcre-devel +BuildRequires: libtalloc-devel +BuildRequires: libevent-devel +BuildRequires: libtevent-devel Requires: krb5-libs -%if %{use_clang} -Requires: llvm -Requires: compiler-rt -%else -%if %{use_asan} -Requires: libasan -%endif -%if %{use_tsan} -Requires: libtsan -%endif -%if %{use_ubsan} -Requires: libubsan -%endif -%endif +Requires: libevent +BuildRequires: systemd-devel +BuildRequires: make +Provides: svrcore = 4.1.4 +Conflicts: svrcore +Obsoletes: svrcore <= 4.1.3 %description libs Core libraries for the 389 Directory Server base package. These libraries 
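Review bot: `Source0` now points at a remote URL (as `Source3` already did) and a new `Patch0` is declared, but nothing in the visible lines pins or verifies the content that ends up in the build. Because a later hunk builds with `--enable-rust-offline`, the Rust crates presumably come from this same tarball, so its integrity covers the whole bundled crate list. Consider committing a checksum file next to the spec, or shipping the upstream detached signature as an extra `Source` and verifying it in `%prep` with `%{gpgverify}` where the build macros provide it. The `Obsoletes: %{name} <= 1.3.5.4` added here also duplicates the existing `Obsoletes: %{name} <= 1.4.0.9` and can be dropped.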
@@ -226,52 +311,48 @@ are used by the main package and the -devel package. This allows the -devel package to be installed with just the -libs package and without the main package. %package devel -Summary: Development libraries for 389 Directory Server (%{variant}) -Group: Development/Libraries -Provides: svrcore-devel = 4.1.4 -Obsoletes: svrcore-devel <= 4.1.3 -Conflicts: svrcore-devel +Summary: Development libraries for 389 Directory Server Requires: %{name}-libs = %{version}-%{release} Requires: pkgconfig Requires: nspr-devel Requires: nss-devel >= 3.34 Requires: openldap-devel -# systemd-libs contains the headers iirc. +Requires: libtalloc +Requires: libevent +Requires: libtevent Requires: systemd-libs +Provides: svrcore-devel = 4.1.4 +Conflicts: svrcore-devel +Obsoletes: svrcore-devel <= 4.1.3 %description devel Development Libraries and headers for the 389 Directory Server base package. - %package snmp Summary: SNMP Agent for 389 Directory Server -Group: System Environment/Daemons Requires: %{name} = %{version}-%{release} -Obsoletes: %{name} <= 1.3.5.4 + +Obsoletes: %{name} <= 1.4.0.0 %description snmp SNMP Agent for the 389 Directory Server base package. 
- %package -n python%{python3_pkgversion}-lib389 Summary: A library for accessing, testing, and configuring the 389 Directory Server BuildArch: noarch -Group: Development/Libraries Requires: openssl -# This is for /usr/bin/c_rehash tool, only needed for openssl < 1.1.0 -Requires: openssl-perl Requires: iproute +Recommends: bash-completion Requires: python%{python3_pkgversion} Requires: python%{python3_pkgversion}-distro -Requires: python%{python3_pkgversion}-pytest Requires: python%{python3_pkgversion}-ldap +Requires: python%{python3_pkgversion}-six Requires: python%{python3_pkgversion}-pyasn1 Requires: python%{python3_pkgversion}-pyasn1-modules Requires: python%{python3_pkgversion}-dateutil Requires: python%{python3_pkgversion}-argcomplete Requires: python%{python3_pkgversion}-libselinux Requires: python%{python3_pkgversion}-setuptools -Recommends: bash-completion %{?python_provide:%python_provide python%{python3_pkgversion}-lib389} %description -n python%{python3_pkgversion}-lib389 @@ -292,7 +373,7 @@ A cockpit UI Plugin for configuring and administering the 389 Directory Server %endif %prep -%setup -q -n %{name}-%{version}%{?prerel} +%autosetup -p1 -n %{name}-%{version}%{?prerel} %if %{bundle_jemalloc} %setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3 
@@ -302,36 +383,27 @@ cp %{SOURCE2} README.devel %build -%if %{use_clang} -export CC=clang -export CXX=clang++ -CLANG_FLAGS="--enable-clang" -%endif - +OPENLDAP_FLAG="--with-openldap" %{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} +# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529 +NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3" -%if %{use_asan} && !%{use_rust} +%if %{use_asan} ASAN_FLAGS="--enable-asan --enable-debug" %endif -%if %{use_msan} && !%{use_rust} -MSAN_FLAGS="--enable-msan --enable-debug" -%endif - -%if %{use_tsan} && !%{use_rust} -TSAN_FLAGS="--enable-tsan --enable-debug" -%endif - -%if %{use_ubsan} && !%{use_rust} -UBSAN_FLAGS="--enable-ubsan --enable-debug" -%endif - %if %{use_rust} -RUST_FLAGS="--enable-rust" +RUST_FLAGS="--enable-rust --enable-rust-offline" %endif %if !%{use_cockpit} COCKPIT_FLAGS="--disable-cockpit" +%endif + +%if %{use_clang} +export CC=clang +export CXX=clang++ +CLANG_FLAGS="--enable-clang" %endif %if %{bundle_jemalloc} 
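Review bot: `OPENLDAP_FLAG="--with-openldap"` is assigned at the top of `%build`, but the `%configure` call in the following hunk passes only `$TMPFILES_FLAG`, `$NSSARGS`, `$ASAN_FLAGS`, `$RUST_FLAGS`, `$CLANG_FLAGS` and `$COCKPIT_FLAGS`, so the variable has no effect as shown. Either add `$OPENLDAP_FLAG` to that `%configure` line or remove the assignment. The `NSSARGS` line is labelled only `# hack hack hack` plus a bug URL; a one-line comment stating what the override works around would help the next maintainer decide when it can go. `%build` starts before this hunk and continues after it.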
@@ -357,24 +429,28 @@ pushd ../%{jemalloc_name}-%{jemalloc_ver} %configure \ --libdir=%{_libdir}/%{pkgname}/lib \ --bindir=%{_libdir}/%{pkgname}/bin \ - --enable-prof %{lg_page} + --enable-prof make %{?_smp_mflags} popd %endif +# Enforce strict linking +%define _ld_strict_symbol_defs 1 + # Rebuild the autotool artifacts now. autoreconf -fiv -%configure --with-selinux $TMPFILES_FLAG \ +%configure --enable-autobind --with-selinux $TMPFILES_FLAG \ --with-systemd \ --with-systemdsystemunitdir=%{_unitdir} \ --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ - --with-systemdgroupname=%{groupname} \ + --with-systemdgroupname=%{groupname} \ --libexecdir=%{_libexecdir}/%{pkgname} \ - $ASAN_FLAGS $MSAN_FLAGS $TSAN_FLAGS $UBSAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \ - --enable-cmocka + $NSSARGS $ASAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \ + --enable-cmocka \ + --enable-perl + -%if 0%{?rhel} > 7 || 0%{?fedora} # lib389 pushd ./src/lib389 %py3_build @@ -386,15 +462,13 @@ sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/m sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsidm.8 sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dscreate.8 -%endif - # Generate symbolic info for debuggers export XCFLAGS=$RPM_OPT_FLAGS -make %{?_smp_mflags} +#make %{?_smp_mflags} +make %install -rm -rf $RPM_BUILD_ROOT mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir} %if %{use_cockpit} 
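Review bot: `--enable-autobind` is added to the main `%configure` line without a comment, although it affects the authentication surface. As I understand the feature, LDAPI autobind identifies a local client by its socket peer credentials instead of a bind password once it is enabled in the instance configuration, so the permissions on the LDAPI socket become the access boundary. A comment such as `# LDAPI autobind support: local peer credentials map to a directory identity, keep the socket path restricted` would record that decision. Separately, `--enable-perl` is passed while this patch's own changelog lists "Issue 2736 - remove remaining perl references", so the option may no longer be recognised; worth confirming against the 2.0.14 configure script. In the next hunk, `#make %{?_smp_mflags}` is left commented out with no reason given for the serial `make`.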
@@ -410,23 +484,19 @@ find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot # Copy in our docs from doxygen. cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3 -%if 0%{?rhel} > 7 || 0%{?fedora} # lib389 pushd src/lib389 %py3_install popd -%endif - mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname} mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname} -mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname} \ - && chmod 770 $RPM_BUILD_ROOT/var/lock/%{pkgname} +mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname} # for systemd mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants -#remove libtool and static libs +# remove libtool archives and static libs rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a @@ -444,14 +514,8 @@ popd %check # This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build. -%if %{use_tsan} -export TSAN_OPTIONS=print_stacktrace=1:second_deadlock_stack=1:history_size=7 -%endif if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi -%clean -rm -rf $RPM_BUILD_ROOT - %post if [ -n "$DEBUGPOSTTRANS" ] ; then output=$DEBUGPOSTTRANS @@ -460,14 +524,9 @@ else output=/dev/null output2=/dev/null fi - # reload to pick up any changes to systemd files /bin/systemctl daemon-reload >$output 2>&1 || : -# find all instances -instances="" # instances that require a restart after upgrade -ninst=0 # number of instances found in total - # https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation # Soft static allocation for UID and GID USERNAME="dirsrv" 
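Review bot: The `chmod 770` on `$RPM_BUILD_ROOT/var/lock/%{pkgname}` is dropped in the `%install` hunk, so the directory's mode in the buildroot now follows the build umask, commonly 0755. The matching `%files` entry is not in the visible hunks. Please confirm it carries an explicit `%attr(770,<user>,<group>)` (placeholders; use the spec's own macros), because otherwise the packaged lock directory becomes readable and traversable by every local user. `%install` starts before this hunk and continues after it.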
@@ -476,12 +535,12 @@ GROUPNAME="dirsrv" ALLOCATED_GID=389 HOMEDIR="/usr/share/dirsrv" -getent group $GROUPNAME >/dev/null || groupadd -f -g $ALLOCATED_GID -r $GROUPNAME +getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME if ! getent passwd $USERNAME >/dev/null ; then if ! getent passwd $ALLOCATED_UID >/dev/null ; then - useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME + /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME else - useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME + /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME fi fi @@ -543,6 +602,7 @@ fi %postun snmp %systemd_postun_with_restart %{pkgname}-snmp.service +exit 0 %files %if %{bundle_jemalloc} @@ -573,13 +633,13 @@ fi %{_mandir}/man1/logconv.pl.1.gz %{_bindir}/pwdhash %{_mandir}/man1/pwdhash.1.gz -# We have to seperate this from being a glob to ensure the caps are applied. -# %caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd +#%caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd %{_sbindir}/ns-slapd %{_mandir}/man8/ns-slapd.8.gz %{_sbindir}/openldap_to_ds %{_mandir}/man8/openldap_to_ds.8.gz %{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl +%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh %{_mandir}/man5/99user.ldif.5.gz %{_mandir}/man5/certmap.conf.5.gz %{_mandir}/man5/slapd-collations.conf.5.gz @@ -625,7 +685,7 @@ fi %dir %{_libdir}/%{pkgname} %{_libdir}/libsvrcore.so.* %{_libdir}/%{pkgname}/libslapd.so.* -%{_libdir}/%{pkgname}/libns-dshttpd-*.so +%{_libdir}/%{pkgname}/libns-dshttpd.so.* %{_libdir}/%{pkgname}/libldaputil.so.* %{_libdir}/%{pkgname}/librewriters.so* %if %{bundle_jemalloc} 
@@ -659,33 +719,418 @@ fi %endif %changelog -* Wed Aug 11 2021 Daniel Steiner -- Update to latest version (1.4.4.16). +* Thu Jan 27 2022 Mark Reynolds - 2.0.14-1 +- Bump version to 2.0.14-1 +- Issue 5127 - ds_selinux_restorecon.sh: always exit 0 +- Issue 5037 - in OpenQA changelog trimming can crashes (#5070) +- Issue 4992 - BUG - slapd.socket container fix (#4993) +- Issue 5079 - BUG - multiple ways to specific primary (#5087) +- Issue 5080 - BUG - multiple index types not handled in openldap migration (#5094) +- Issue 5135 - UI - Disk monitoring threshold does update properly +- Issue 5129 - BUG - Incorrect fn signature in add_index (#5130) -* Wed Feb 17 2021 Daniel Steiner -- Update to latest version (1.4.4.13). +* Thu Jan 27 2022 Adam Williamson - 2.0.13-2 +- Backport PR#5141 to fix startup when a directory doesn't exist (#2047323) -* Tue Dec 22 2020 Daniel Steiner -- Fix for cockpit console. +* Mon Jan 24 2022 Mark Reynolds - 2.0.13-1 +- Bump version to 2.0.13 +- Issue 5132 - Update Rust crate lru to fix CVE +- Issue 3555 - UI - fix audit issue with npm nanoid +- Issue 4299 - UI - Add ACI editing features +- Issue 4299 - UI - LDAP editor - add "edit" and "rename" functionality +- Issue 5127 - run restorecon on /dev/shm at server startup +- Issue 5124 - dscontainer fails to create an instance +- Issue 4312 - fix compiler warnings +- Issue 5115 - AttributeError: type object 'build_manpages' has no attribute 'build_manpages' +- Issue 4312 - performance search rate: contention on global monitoring counters (#4940) +- Issue 5105 - During a bind, if the target entry is not reachable the operation may complete without sending result (#5107) +- Issue 5095 - sync-repl with openldap may send truncated syncUUID (#5099) +- Issue 3584 - Add is_fips check to password tests (#5100) +- Issue 5074 - retro changelog cli updates (#5075) +- Issue 4994 - Revert retrocl dependency workaround (#4995) -* Wed Dec 9 2020 Daniel Steiner -- Update to latest version (1.4.4.9). 
+* Thu Dec 16 2021 Mark Reynolds - 2.0.12-1 +- Bump version to 2.0.12-1 +- Issue 4299 - UI LDAP editor - add "edit" and "rename" functionality +- Issue 4962 - Fix various UI bugs - Database and Backups (#5044) +- Issue 5046 - BUG - update concread (#5047) +- Issue 5043 - BUG - Result must be used compiler warning (#5045) +- Issue 4165 - Don't apply RootDN access control restrictions to UNIX connections +- Issue 4931 - RFE: dsidm - add creation of service accounts +- Issue 5024 - BUG - windows ro replica sigsegv (#5027) +- Issue 5020 - BUG - improve clarity of posix win sync logging (#5021) +- Issue 5008 - If a non critical plugin can not be loaded/initialized, bootstrap should succeeds (#5009) -* Tue Aug 4 2020 Daniel Steiner -- Update to latest version (1.4.4.4). +* Thu Dec 2 2021 Mark Reynolds - 2.0.11-2 +- Bump version to 2.0.11-2 +- Update selinux Requirement to selinux-policy-34.17-1 -* Mon Jul 6 2020 Daniel Steiner -- Update to latest version (1.4.4.3). +* Mon Nov 22 2021 Mark Reynolds - 2.0.11-1 +- Bump version to 2.0.11 +- Issue 4962 - Fix various UI bugs - Settings and Monitor (#5016) +- Issue 5014 - UI - Add group creation to LDAP editor +- Issue 5006 - UI - LDAP editor tree not being properly updated +- Issue 5001 - Update CI test for new availableSASLMechs attribute +- Issue 4959 - Invalid /etc/hosts setup can cause isLocalHost to fail. 
+- Issue 5001 - Fix next round of UI bugs: +- Issue 4962 - Fix various UI bugs - dsctl and ciphers (#5000) +- Issue 4978 - use more portable python command for checking containers +- Issue 4678 - RFE automatique disable of virtual attribute checking (#4918) +- Issue 4972 - gecos with IA5 introduces a compatibility issue with previous (#4981) +- Issue 4978 - make installer robust +- Issue 4976 - Failure in suites/import/import_test.py::test_fast_slow_import +- Issue 4973 - update snmp to use /run/dirsrv for PID file +- Issue 4962 - Fix various UI bugs - Plugins (#4969) +- Issue 4973 - installer changes permissions on /run +- Issue 4092 - systemd-tmpfiles warnings +- Issue 4956 - Automember allows invalid regex, and does not log proper error +- Issue 4731 - Promoting/demoting a replica can crash the server +- Issue 4962 - Fix various UI bugs part 1 +- Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949) +- Issue 4943 - Fix csn generator to limit time skew drift (#4946) +- Issue 2790 - Set db home directory by default +- Issue 4299 - Merge LDAP editor code into Cockpit UI +- Issue 4938 - max_failure_count can be reached in dscontainer on slow machine with missing debug exception trace +- Issue 4921 - logconv.pl -j: Use of uninitialized value (#4922) +- Issue 4847 - BUG - potential deadlock in replica (#4936) +- Issue 4513 - fix ACI CI tests involving ip/hostname rules +- Issue 4925 - Performance ACI: targetfilter evaluation result can be reused (#4926) +- Issue 4916 - Memory leak in ldap-agent -* Thu Feb 13 2020 Daniel Steiner -- Update to latest version (1.4.2.7). +* Thu Nov 04 2021 Viktor Ashirov - 2.0.10-2 +- Resolves #rhbz2016595 -* Wed Nov 27 2019 Daniel Steiner -- Update to latest version (1.4.2.4). +* Mon Sep 20 2021 Mark Reynolds - 2.0.10-1 +- Bump version to 2.0.10 +- Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.) 
+- Issue 4912 - Account Policy plugin does not set the config entry DN +- Issue 4863 - typoes in logconv.pl +- Issue 4796 - Add support for nsslapd-state to CLI & UI +- Issue 4894 - IPA failure in ipa user-del --preserve (#4907) +- Issue 4912 - dsidm command crashing when account policy plugin is enabled +- Issue 4910 - db reindex corrupts RUV tombstone nsuiqueid index +- Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks +- Issue 4887 - UI - fix minor regression from camelCase fixup -* Tue Nov 5 2019 Daniel Steiner -- Update to latest version (1.4.2.3). +* Mon Aug 30 2021 Mark Reynolds - 2.0.9-1 +- Bump version to 2.0.9 +- Issue 4887 - UI - Update webpack.config.js and package.json +- Issue 4149 - UI - Migrate the remaining components to PF4 +- Issue 4875 - CLI - Add some verbosity to installer +- Issue 4884 - server crashes when dnaInterval attribute is set to zero -* Wed Oct 2 2019 Daniel Steiner -- First build. +* Mon Aug 23 2021 Mark Reynolds - 2.0.8-1 +- Bump version to 2.0.8 +- Issue 4877 - RFE - EntryUUID to validate UUIDs on fixup (#4878) +- Issue 4872 - BUG - entryuuid enabled by default causes replication issues (#4876) +- Issue 4851 - Typos in "dsconf pwpolicy set --help" (#4867) +- Issue 4763 - Attribute Uniqueness Plugin uses wrong subtree on ModRDN (#4871) +- Issue 4736 - lib389 - fix regression in certutil error checking +- Issue 4861 - Improve instructions in custom.conf for memory leak detection +- Issue 4859 - Do not version libns-dshttpd +- Issue 4169 - Migrate Replication & Schema tabs to PF4 +- Issue 4623 - RFE - Monitor the current DB locks ( nsslapd-db-current-locks ) +- Issue 4736 - CLI - Errors from certutil are not propagated +- Issue 4460 - Fix isLocal and TLS paths discovery (#4850) +- Issue 4848 - Force to require nss version greater or equal as the version available at the build time +- Issue 4696 - Password hash upgrade on bind (#4840) + +* Thu Jul 15 2021 Mark Reynolds - 2.0.7-1 +- Bump version to 2.0.7 +- Issue 
4443 - Internal unindexed searches in syncrepl/retro changelog
+- Issue 4603 - Reindexing a single backend (#4831)
+- Issue 4169 - UI - migrate Server Tab forms to PF4
+- Issue 4817 - BUG - locked crypt accounts on import may allow all passwords (#4819)
+- Issue 4820 - RFE - control flow integrity (#4821)
+- Issue 4706 - negative wtime for compare operations (#4780)
+- Issue 4414 - SIGFPE crash in rhds disk monitoring routine (#4829)
+- Issue 4262 - Fix Index out of bound in fractional test (#4828)
+- Issue 4826 - Filter argparse-manpage from autogenerated requires
+- Issue 4822 - Fix CI temporary password: fixture leftover breaks them (#4823)
+- Issue 2820 - Fix CI test suite issues
+
+* Wed Jun 23 2021 Thierry Bordaz - 2.0.6-1
+- Bump version to 2.0.6
+- Issue 4803 - Improve DB Locks Monitoring Feature Descriptions
+- Issue 4803 - Improve DB Locks Monitoring Feature Descriptions (#4810)
+- Issue 4169 - UI - Migrate Typeaheads to PF4 (#4808)
+- Issue 4414 - disk monitoring - prevent division by zero crash
+- Issue 4788 - CLI should support Temporary Password Rules attributes (#4793)
+- Issue 4656 - Fix replication plugin rename dependency issues
+- Issue 4656 - replication name change upgrade code causes crash with dynamic plugins
+- Issue 4506 - Improve SASL logging
+- Issue 4709 - Fix double free in dbscan
+- Issue 4093 - Fix MEP test case
+- Issue 4747 - Remove unstable/unstatus tests (followup) (#4809)
+- Issue 4791 - Missing dependency for RetroCL RFE (#4792)
+- Issue 4794 - BUG - don't capture container output (#4798)
+- Issue 4593 - Log an additional message if the server certificate nickname doesn't match nsSSLPersonalitySSL value
+- Issue 4797 - ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags (#4799)
+- Issue 4169 - UI Migrate checkbox to PF4 (#4769)
+- Issue 4447 - Crash when the Referential Integrity log is manually edited
+- Issue 4773 - Add CI test for DNA interval assignment
+- Issue 4789 - Temporary password rules are not enforce with local password policy (#4790)
+- Issue 4379 - fixing regression in test_info_disclosure
+- Issue 4379 - Allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service
+- Issue 4379 - Allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service
+- Issue 4575 Update test docstrings metadata
+- Issue 4753 - Adjust our tests to 389-ds-base-snmp missing in RHEL 9 Appstream
+- removed the snmp_present() from utils.py as we have get_rpm_version() in conftest.py
+- Issue 4753 - Adjust our tests to 389-ds-base-snmp missing in RHEL 9 Appstream
+
+* Sun May 30 2021 Mark Reynolds - 2.0.5-1
+- Bump version to 2.0.5
+- Issue 4778 - RFE - Allow setting TOD for db compaction and add task
+- Issue 4169 - UI - Port plugin tables to PF4
+- Issue 4656 - Allow backward compatilbity for replication plugin name change
+- Issue 4764 - replicated operation sometime checks ACI (#4783)
+- Issue 2820 - Fix CI test suite issues
+- Issue 4781 - There are some typos in man-pages
+- Issue 4773 - Enable interval feature of DNA plugin
+- Issue 4623 - RFE - Monitor the current DB locks (#4762)
+- Issue 3555 - Fix UI audit issue
+- Issue 4725 - Fix compiler warnings
+- Issue 4770 - Lower FIPS logging severity
+- Issue 4765 - database suffix unexpectdly changed from .db to .db4 (#4766)
+- Issue 4725 - [RFE] DS - Update the password policy to support a Temporary Password Rules (#4727)
+- Issue 4747 - Remove unstable/unstatus tests from PRCI (#4748)
+- Issue 4759 - Fix coverity issue (#4760)
+- Issue 4169 - UI - Migrate Buttons to PF4 (#4745)
+- Issue 4714 - dscontainer fails with rootless podman
+- Issue 4750 - Fix compiler warning in retrocl (#4751)
+- Issue 4742 - UI - should always use LDAPI path when calling CLI
+- Issue 4169 - UI - Migrate Server, Security, and Schema tables to PF4
+- Issue 4667 - incorrect accounting of readers in vattr rwlock (#4732)
+- Issue 4701 - RFE - Exclude attributes from retro changelog (#4723)
+- Issue 4740 - Fix CI lib389 userPwdPolicy and subtreePwdPolicy (#4741)
+- Issue 4711 - SIGSEV with sync_repl (#4738)
+- Issue 4734 - import of entry with no parent warning (#4735)
+- Issue 4729 - GitHub Actions fails to run pytest tests
+- Issue 4656 - Remove problematic language from source code
+- Issue 4632 - dscontainer: SyntaxWarning: "is" with a literal.
+- Issue 4169 - UI - migrate replication tables to PF4
+- Issue 4637 - ndn cache leak (#4724)
+- Issue 4577 - Fix ASAN flags in specfile
+- Issue 4169 - UI - PF4 migration - database tables
+- issue 4653 - refactor ldbm backend to allow replacement of BDB - phase 3e - dbscan (#4709)
+
+* Thu May 20 2021 Christian Heimes - 2.0.4-3
+- Enable interval feature of DNA plugin (resolves: rhbz#1962671)
+
+* Fri May 07 2021 Viktor Ashirov - 2.0.4-2
+- Rebuilt to fix NVR
+
+* Fri Apr 09 2021 Simon Pichugin - 2.0.4-1.1
+- Add Rust bundled Provides and Update License
+
+* Wed Apr 07 2021 Thierry Bordaz - 2.0.4-1
+- Bump version to 2.0.4
+- Issue 4680 - 389ds coredump (@389ds/389-ds-base-nightly) in replica install with CA (#4715)
+- Issue 3965 - RFE - Implement the Password Policy attribute "pwdReset" (#4713)
+- Issue 4700 - Regression in winsync replication agreement (#4712)
+- Issue 3965 - RFE - Implement the Password Policy attribute "pwdReset" (#4710)
+- Issue 4169 - UI - migrate monitor tables to PF4
+- issue 4585 - backend redesign phase 3c - dbregion test removal (#4665)
+- Issue 2736 - remove remaining perl references
+- Issue 2736 - https://github.com/389ds/389-ds-base/issues/2736
+- Issue 4706 - negative wtime in access log for CMP operations
+- Issue 3585 - LDAP server returning controltype in different sequence
+- Issue 4127 - With Accounts/Account module delete fuction is not working (#4697)
+- Issue 4666 - BUG - cb_ping_farm can fail with anonymous binds disabled (#4669)
+- Issue 4671 - UI - Fix browser crashes
+- Issue 4169 - UI - Add PF4 charts for server stats
+- Issue 4648 - Fix some issues and improvement around CI tests (#4651)
+- Issue 4654 Updates to tickets/ticket48234_test.py (#4654)
+- Issue 4229 - Fix Rust linking
+- Issue 4673 - Update Rust crates
+- Issue 4658 - monitor - connection start date is incorrect
+- Issue 4169 - UI - migrate modals to PF4
+- Issue 4656 - remove problematic language from ds-replcheck
+- Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down
+- Issue 4656 - Remove problematic language from UI/CLI/lib389
+- Issue 4661 - RFE - allow importing openldap schemas (#4662)
+- Issue 4659 - restart after openldap migration to enable plugins (#4660)
+- Merge pull request #4664 from mreynolds389/issue4663
+- issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin (#4622)
+- Issue 4643 - Add a tool that generates Rust dependencies for a specfile (#4645)
+- Issue 4646 - CLI/UI - revise DNA plugin management
+- Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647)
+- Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652)
+- Issue 4169 - UI - Migrate alerts to PF4
+- Issue 4169 - UI - Migrate Accordians to PF4 ExpandableSection
+- Issue 4595 - Paged search lookthroughlimit bug (#4602)
+- Issue 4169 - UI - port charts to PF4
+- Issue 2820 - Fix CI test suite issues
+- Issue 4513 - CI - make acl ip address tests more robust
+
+* Fri Feb 26 2021 Alexander Bokovoy - 2.0.3-3
+- Remove a revert of the fix for Issue 4609 - CVE - info disclosure when authenticating(breaks Dogtag)
+- Dogtag has fixed own code that failed in the presence of the fix for Issue 4609
+
+* Fri Feb 19 2021 Mark Reynolds - 2.0.3-2
+- Bump version to 2.0.3-2
+- Revert Issue 4609 - CVE - info disclosure when authenticating(breaks DogTag)
+
+* Fri Feb 12 2021 Mark Reynolds - 2.0.3-1
+- Bump version to 2.0.3
+- Issue 4619 - remove pytest requirement from lib389
+- Issue 4615 - log message when psearch first exceeds max threads per conn
+- Issue 4469 - Backend redesing phase 3a - implement dbimpl API and use it in back-ldbm (#4618)
+- Issue 4324 - Some architectures the cache line size file does not exist
+- Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614)
+- Issue 4469 - Backend redesign phase 3a - bdb dependency removal from back-ldbm
+- PR 4564 - Update dscontainer
+- Issue 4149 - UI - port TreeView and opther components to PF4
+- Issue 4577 - Add GitHub actions
+- Issue 4591 - RFE - improve openldap_to_ds help and features (#4607)
+- issue 4612 - Fix pytest fourwaymmr_test for non root user (#4613)
+- Issue 4609 - CVE - info disclosure when authenticating
+- Issue 4348 - Add tests for dsidm
+- Issue 4571 - Stale libdb-utils dependency
+- Issue 4600 - performance modify rate: reduce lock contention on the object extension factory (#4601)
+- Issue 4577 - Add GitHub actions
+- Issue 4588 - BUG - unable to compile without xcrypt (#4589)
+- Issue 4579 - libasan detects heap-use-after-free in URP test (#4584)
+- Issue 4581 - A failed re-indexing leaves the database in broken state (#4582)
+- Issue 4348 - Add tests for dsidm
+- Issue 4577 - Add GitHub actions
+- Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)
+- Issue 4093 - fix compiler warnings and update doxygen
+- Issue 4575 - Update test docstrings metadata
+- Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553)
+- Issue 4324 - Performance search rate: change entry cache monitor to recursive pthread mutex (#4569)
+- Issue 4513 - Add DS version check to SSL version test (#4570)
+- Issue 5442 - Search results are different between RHDS10 and RHDS11
+- Issue 4396 - Minor memory leak in backend (#4558)
+- Issue 4513 - Fix replication CI test failures (#4557)
+- Issue 4513 - Fix replication CI test failures (#4557)
+- Issue 4153 - Added a CI test (#4556)
+- Issue 4506 - BUG - fix oob alloc for fds (#4555)
+- Issue 4548 - CLI - dsconf needs better root DN access control plugin validation
+- Issue 4506 - Temporary fix for io issues (#4516)
+- Issue 4535 - lib389 - Fix log function in backends.py
+- Issue 4534 - libasan read buffer overflow in filtercmp (#4541)
+- Issue 4544 - Compiler warnings on krb5 functions (#4545)
+- Update rpm.mk for RUST tarballs
+
+* Mon Jan 25 2021 Fedora Release Engineering - 2.0.2-1.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Thu Jan 14 2021 Mark Reynolds - 2.0.2-1
+- Bump version to 2.0.2
+- Issue 4539 - BUG - no such file if no overlays in openldap during migration (#4540)
+- Issue 4528 - Fix cn=monitor SCOPE_ONE search (#4529)
+- Issue 4535 - lib389 - healthcheck throws exception if backend is not replicated
+- Issue 4537 - Use KRB5_CLIENT_KTNAME for client keytabs (#4523)
+- Issue 4513 - CI Tests - fix test failures
+- Issue 4504 - insure that repl_monitor_test use ldapi (for RHEL) - fix merge issue (#4533)
+- Issue 4315 - performance search rate: nagle triggers high rate of setsocketopt
+- Issue 4504 - pytest test_dsconf_replication_monitor fails on RHEL - Fix merging issue (#4530)
+- Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL) (#4527)
+- Issue 4506 - BUG - Fix bounds on fd table population (#4520)
+- Issue 4521 - DS crash in deref plugin if dereferenced entry exists but is not returned by internal search (#4525)
+- Issue 4219 - Log internal unindexed searches (notes=A)
+- Issue 4384 - Separate eventq into REALTIME and MONOTONIC
+- Issue 4381 - RFE - LDAPI authentication DN rewritter
+- Issue 4513 - Fix schema test and lib389 task module (#4514)
+- Issue 4414 - disk monitoring - prevent division by zero crash
+- Issue 4517 - BUG: Multiple systemd pin warnings (#4518)
+- Issue 4507 - Improve csngen testing task (#4508)
+- Issue 4498 - BUG - entryuuid replication may not work (#4503)
+- Issue 4480 - Unexpected info returned to ldap request (#4491)
+- Issue 4504 - Fix pytest test_dsconf_replication_monitor (#4505)
+- Issue 4373 - BUG - one line cleanup, free results in mt if ent 0 (#4502)
+- Issue 4500 - Add cockpit enabling to dsctl
+- Issue 4272 - RFE - add support for gost-yescrypt for hashing passwords (#4497)
+- Issue 1795 - RFE - Enable logging for libldap and libber in error log (#4481)
+- Issue 3522 - Remove DES to AES conversion code
+- Issue 4492 - Changelog cache can upload updates from a wrong starting point (CSN) (#4493)
+- Issue 4373 - BUG - calloc of size 0 in MT build (#4496)
+- Issue 4483 - heap-use-after-free in slapi_be_getsuffix
+- Issue 4486 - Remove random ldif file generation from import test (#4487)
+- Issue 4224 - cleanup specfile after libsds removal
+- Issue 4421 - Unable to build with Rust enabled in closed environment
+- Issue 4489 - Remove return statement from a void function (#4490)
+- Issue 4229 - RFE - Improve rust linking and build performance (#4474)
+- Issue 4224 - openldap can become confused with entryuuid
+- Issue 4313 - improve tests and improve readme re refdel
+- Issue 4313 - fix potential syncrepl data corruption
+- Issue 4419 - Warn users of skipped entries during ldif2db online import (#4476)
+- Issue 4243 - Fix test (4th): SyncRepl plugin provides a wrong (#4475)
+- Issue 4315 - performance search rate: nagle triggers high rate of setsocketopt (#4437)
+- Issue 4460 - BUG - add machine name to subject alt names in SSCA (#4472)
+- Issue 4446 - RFE - openldap password hashers
+- Issue 4284 - dsidm fails to delete an organizationalUnit entry
+- Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4466) (#4466)
+- Issue 4464 - RFE - clang with ds+asan+rust
+- Issue 4105 - Remove python.six (fix regression)
+- Issue 4384 - Use MONOTONIC clock for all timing events and conditions
+- Issue 4418 - ldif2db - offline. Warn the user of skipped entries
+- Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4467)
+- Issue 4460 - BUG - lib389 should use system tls policy
+- Issue 3657 - Add options to dsctl for dsrc file
+- Issue 4454 - RFE - fix version numbers to allow object caching
+- Issue 3986 - UI - Handle objectclasses that do not have X-ORIGIN set
+- Issue 4297 - 2nd fix for on ADD replication URP issue internal searches with filter containing unescaped chars (#4439)
+- Issue 4112 - Added a CI test (#4441)
+- Issue 4449 - dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) (#4451)
+- Issue 4105 - Remove python.six from lib389 (#4456)
+- Issue 4440 - BUG - ldifgen with --start-idx option fails with unsupported operand (#4444)
+- Issue 4410 - RFE - ndn cache with arc in rust
+- Issue 4373 - BUG - Mapping Tree nodes can be created that are invalid
+- Issue 4428 - BUG Paged Results with critical false causes sigsegv in chaining
+- Issue 4428 - Paged Results with Chaining Test Case
+- Issue 2054 - do not add referrals for masters with different data generation
+- Issue 4383 - Do not normalize escaped spaces in a DN
+- Issue 4432 - After a failed online import the next imports are very slow
+- Issue 4316 - performance search rate: useless poll on network send callback (#4424)
+- Issue 4281 - dsidm user status fails with Error: 'nsUserAccount' object has no attribute 'is_locked'
+- Issue 4429 - NULL dereference in revert_cache()
+- Issue 4412 - Fix CLI repl-agmt requirement for parameters (#4422)
+- Issue 4407 - RFE - remove http client and presence plugin (#4409)
+- Issue 4398 - build problems at alpine linux
+- Issue 4415 - unable to query schema if there are extra parenthesis
+
+* Thu Oct 29 2020 Mark Reynolds - 2.0.1-1
+- Bump version to 2.0.1
+- Issue 4420 - change NVR to use X.X.X instead of X.X.X.X
+- Issue 4391 - DSE config modify does not call be_postop (#4394)
+- Issue 4218 - Verify the new wtime and optime access log keywords (#4397)
+- Issue 4176 - CL trimming causes high CPU
+- Issue 2058 - Add keep alive entry after on-line initialization - second version (#4399)
+- Issue 4403 - RFE - OpenLDAP pw hash migration tests (#4408)
+
+* Wed Oct 28 2020 Mark Reynolds - 1.4.5.0-1
+- Bump version to 1.4.5.0
+- Issue 4262 - more perl removal cleanup
+- Issue 2526 - retrocl backend created out of order
+
+* Mon Oct 26 2020 Mark Reynolds - 1.4.4.6-1
+- Bump version to 1.4.4.6
+- Issue 4262 - Remove legacy tools subpackage (final cleanup)
+- Issue 4262 - Remove legacy tools subpackage (restart instances after rpm install)
+- Issue 4262 - Remove legacy tools subpackage
+- Issue 2526 - revert API change in slapi_be_getsuffix()
+- Issue 4363 - Sync repl: per thread structure was incorrectly initialized (#4395)
+- Issue 4392 - Update create_test.py
+- Issue 2820 - Fix CI tests (#4365)
+- Issue 2526 - suffix management in backends incorrect
+- Issue 4389 - errors log with incorrectly formatted message parent_update_on_childchange
+- Issue 4295 - Fix a closing quote issue (#4386)
+- Issue 1199 - Misleading message in access log for idle timeout (#4385)
+- Issue 3600 - RFE - openldap migration tooling (#4318)
+- Issue 4176 - import ldif2cl task should not close all changelogs
+- Issue 4159 - Healthcheck code DSBLE0002 not returned on disabled suffix
+- Issue 4379 - allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service (#4380)
+- Issue 4329 - Sync repl - if a serie of updates target the same entry then the cookie get wrong changenumber (#4356)
+- Issue 3555 - Fix npm audit issues (#4370)
+- Issue 4372 - BUG - Chaining DB did not validate bind mech parameters (#4374)
+- Issue 4334 - RFE - Task timeout may cause larger dataset imports to fail (#4359)
+- Issue 4361 - RFE - add - dscreate --advanced flag to avoid user confusion
+- Issue 4368 - ds-replcheck crashes when processing glue entries
+- Issue 4366 - lib389 - Fix account status inactivity checks
+- Issue 4265 - UI - Make the secondary plugins read-only (#4364)
+- Issue 4360 - password policy max sequence sets is not working as expected
+- Issue 4348 - Add tests for dsidm
+- Issue 4350 - One line, fix invalid type error in tls_cacertdir check (#4358)