diff --git a/389-ds-base.obsinfo b/389-ds-base.obsinfo new file mode 100644 index 0000000..3f26452 --- /dev/null +++ b/389-ds-base.obsinfo @@ -0,0 +1,5 @@ +name: 389-ds-base +version: 1.4.1.6~git0.5ac5a8aad +mtime: 1563547486 +commit: 5ac5a8aadd42551ea0389907fd286b7d60157685 + diff --git a/389-ds-rpmlintrc b/389-ds-rpmlintrc new file mode 100644 index 0000000..b88d856 --- /dev/null +++ b/389-ds-rpmlintrc @@ -0,0 +1 @@ +addFilter("W: incorrect-fsf-address") diff --git a/389-ds.changes b/389-ds.changes new file mode 100644 index 0000000..ef5333a --- /dev/null +++ b/389-ds.changes @@ -0,0 +1,2336 @@ +------------------------------------------------------------------- +Fri Aug 30 14:11:58 UTC 2019 - William Brown + +- Change permission of ns-slapd from 750 to 755 to allow non-root + users to start the ldap server in containers and development + environments. + +------------------------------------------------------------------- +Fri Aug 23 04:20:20 UTC 2019 - William Brown + +- Temporarily back out of rust enablement due to incorrectly linked + library causing server startup failure. + +------------------------------------------------------------------- +Wed Aug 21 01:03:31 UTC 2019 - William Brown + +- During review an issue with libevent depedencies was noted. Change + to buildrequires libevent-devel. +- During testing of versioning of features it was noticed that legacy + perl builds were broken. + +------------------------------------------------------------------- +Thu Aug 8 05:31:18 UTC 2019 - William Brown + +- Fix spec file discrepencies from SLE + +------------------------------------------------------------------- +Thu Aug 8 05:14:19 UTC 2019 - William Brown + +- Update to correct license issue in spec file +- Update to simplify rust option selection + +------------------------------------------------------------------- +Wed Jul 31 04:16:25 UTC 2019 - 389-ds-maintainer@suse.de + +- Update to version 1.4.1.6~git0.5ac5a8aad: + * Bump version to 1.4.1.6 + * Issue 50355 - SSL version min and max not correctly applied + * Issue 50497 - Port cl-dump.pl tool to Python using lib389 + * Issue: 48851 - investigate and port TET matching rules filter tests(Final) + * correction to fix for #50417 + * Issue 50425 - Add jemalloc LD_PRELOAD to systemd drop-in file + * Issue 50425 - Add jemalloc LD_PRELOAD to systemd drop-in file + * Issue 50325 - Add Security tab to UI + * Ticket 49789 - By default, do not manage unhashed password + * Ticket 49421 - Implement password hash upgrade on bind. + * Ticket 49421 - on bind password upgrade proof of concept + * Ticket 50493 - connection_is_free to trylock + * Ticket 50459 - Correct issue with allocation state + * Issue 50499 - Fix audit issues and remove jquery from the whitelist + * Ticket 50459 - c_mutex to use pthread_mutex to allow ns sharing + * Ticket 50484 - Add a release build dockerfile and dscontainer improvements + * Issue 50486 - Update jemalloc to 5.2.0 + +------------------------------------------------------------------- +Tue Jul 09 00:21:43 UTC 2019 - 389-ds-maintainer@suse.de + +- Update to version 1.4.1.5~git0.748334143: + * Bump version to 1.4.1.5 + * Issue 50431 - Fix regression from coverity fix + * Issue 49239 - Add a new CI test case + * Issue 49997 - Add a new CI test case + * Issue 50177 - Add a new CI test case, also added fixes in lib389 + * Issue 49761 - Fix CI test suite issues + * Issue 50474 - Unify result codes for add and modify of repl5 config + * Ticket 50472 - memory leak with encryption + * Issue 50462 - Fix Root DN access control plugin CI tests + * Issue 50462 - Fix CI tests + * Ticket 50217 - Implement dsconf security section + * Issue: 48851 - Add more test cases to the match test suite. + * Issue 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients + * Ticket 50439 - fix waitpid issue when pid does not exist + * Issue 50454 - Fix Cockpit UI branding + * Issue: 48851 - investigate and port TET matching rules filter tests(index) + * Issue 49232 - Truncate the message when buffer capacity is exceeded + * Bump version to 1.4.1.4 + * Ticket 49361 - Use IPv6 friendly network functions + * Issue: 48851 - Investigate and port TET matching rules filter tests(bug772777) + * Issue: 50446 - NameError: name 'ds_is_older' is not defined + * Issue 49602 - Revise replication status messages + * Ticket 50439 - Update docker integration to work out of source directory + * Ticket 50037 - revert path changes as it breaks prefix/rpm builds + * Issue 50431 - Fix regression from coverity fix + * Issue 50370 - CleanAllRUV task crashing during server shutdown + * Issue: 48851 - investigate and port TET matching rules filter tests(match) + * Issue 50417 - Fix missing quote in some legacy tools + * Ticket 50431 - Fix covscan warnings + * Revert "Issue 49960 - Core schema contains strings instead of numer oids" + * Issue 50426 - nsSSL3Ciphers is limited to 1024 characters + * Issue 50052 - Fix rpm.mk according to audit-ci change + * Issue 50365 - PIDFile= references path below legacy directory /var/run/ + * Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request" + * Ticket 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to TLS + * Ticket 50417 - Revise legacy tool scripts to work with new systemd changes + * Issue: 48851 - Add more search filters to vfilter_simple test suite + * Issue 49761 - Fix CI test suite issues + * Issue 49875 - Move SystemD service config to a drop-in file + * Ticket 50413 - ds-replcheck - Always display the Result Summary + * Issue 50052 - Add package-lock.json and use "npm ci" + * Issue: 48851 - investigate and port TET matching rules filter tests(vfilter simple) + * Ticket 50355 - NSS can change the requested SSL min and max versions + * Issue: 48851 - investigate and port TET matching rules filter tests(vfilter_ld) + * Issue 50390 - Add Managed Entries Plug-in Config Entry schema + * Ticket 49730 - Remove unused Mozilla ldapsdk variables + +------------------------------------------------------------------- +Mon May 27 03:04:55 UTC 2019 - 389-ds-maintainer@suse.de + +- Update to version 1.4.1.3~git0.1f1119d4b: + * Bump version to 1.4.1.3 + * Issue 49761 - Fix CI test suite issues + * Issue 50041 - Add the rest UI Plugin tabs - Part 2 + * Ticket 50340 - 2nd try - structs for diabled plugins will not be freed + * Issue 50403 - Instance creation fails on 1.3.9 using perl utils and latest lib389 + * Ticket 50389 - ns-slapd craches while two threads are polling the same connection + * Issue: 48851 - investigate and port TET matching rules filter tests(scanlimit) + * Issue 50037 - lib389 fails to install in venv under non-root user + * Issue: 50112 - Port ACI test suit from TET to python3(userattr) + * Ticket 50393 - maxlogsperdir accepting negative values + * Issue: 50112 - Port ACI test suit from TET to python3(roledn) + * Issue 49960 - Core schema contains strings instead of numer oids + * Ticket 50396 - Crash in PAM plugin when user does not exist + * Issue 50387 - enable_tls() should label ports with ldap_port_t + * Issue 50390 - Add Managed Entries Plug-in Config Entry schema + * Ticket 50306 - Fix regression with maxbersize + * Issue 50384 - Missing dependency: cracklib-dicts + * Issue 49029 - [RFE] improve internal operations logging + * Issue 49761 - Fix CI test suite issues + * Issue - 50374 dsdim posixgroup create fails with ERROR + * Ticket 50251 - clear text passwords visable in CLI verbose mode logging + * Ticket 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients + * Issue:48851 - investigate and port TET matching rules filter tests + * Issue 50220 - attr_encryption test suite failing + * Ticket 50370 - CleanAllRUV task crashing during server shutdown + * Ticket 50340 cont - structs for disabled plugins will not be freed + * Fix missing import + * Issue 50164 - Add test for dscreate to basic test suite + * Ticket 50363 - ds-replcheck incorrectly reports error out of order multi-valued attributes + * Issue 49730 - MozLDAP bindings have been unsupported for a while + * Issue #50353 - Categorize tests by tiers + * Issue 50303 - Add creation date to task data + * Issue: 50358 - Create a Bitwise Plugin class in plugins.py + * Remove the nss3 path prefix from the cert.h C preprocessor source file inclusion + * Ticket 50329 - revert fix + * Issue: 50112 - Port ACI test suit from TET to python3(keyaci) + * Ticket 50344 - tidy rpm vs build systemd flag handling + * Issue #50067 - Fix krb5 dependency in a specfile + * Ticket 50340 - structs for diabled plugins will not be freed + * Ticket 50327 - Add replication conflict support to UI + * Ticket 50327 - Add replication conflict entry support to lib389/CLI + * Ticket 50329 - improve connection default parameters + * Issue: 50313 - Add a NestedRole type to lib389 + * Issue:50112 - Port ACI test suit from TET to python3(Delete and Add) + * Ticket 49390, 50019 - support cn=config compare operations + * Issue 50041 - Add the rest UI Plugin tabs - Part 1 + * Ticket 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS + * Ticket 49990 - Increase the default FD limits + * Ticket 50306 - (cont typo) Move connection config inside struct + * Ticket 50291 - Add monitor tab functionality to Cockpit UI + * Fix cockpit console AppStream data + * Ticket 50317 - fix ds-backtrace issue on latest gdb + * Ticket 50305 - Revise CleanAllRUV task restart process + * Fix typo from: Issue 49915 - Add regression test + * Issue 50026 - Audit log does not capture the operation where nsslapd-lookthroughlimit is modified + * Ticket 49899 - fix pin.txt and pwdfile permissions + * Issue 49915 - Add regression test + * Ticket 50303 - Add task creation date to task data + * Ticket 50306 - Move connection config inside struct + * Ticket 50240 - Improve task logging + * Issue 50032 - Fix deprecation warnings in tests + * Ticket 50310 - fix sasl header include + * Ticket 49390 - improve compare and cn=config compare tests + +------------------------------------------------------------------- +Thu Apr 4 08:22:39 UTC 2019 - lnussel@suse.de + +- fix permissions handling (boo#1120189) + +------------------------------------------------------------------- +Mon Apr 01 02:14:26 UTC 2019 - 389-ds-maintainer@suse.de + +- Update to version 1.4.1.2~git0.9a126614a: + * Removes sysconfig from RPM as we no longer create it to detect + instance existance or settings. Older installs will still have + their sysconfig parsed, but new installs should use systemd + environment variables. + * Bump version to 1.4.1.2 + * Ticket 50308 - Revise memory leak fix + * Ticket 50308 - Fix memory leaks for repeat binds and replication + * Use PKG_CHECK_MODULES to detect the systemd library + * Use PKG_CHECK_MODULES to detect the kerberos library + * Use pkg-config from the host system to better support cross-compiling + * Use PKG_CHECK_MODULES to detect the libsasl2 library + * configure.ac: Add missing comma to an AC_ARG_ENABLE macro + * configure.ac: Remove unpaired parentheses from two help strings + * m4/doxygen.m4: Fix spelling of Doxygen in a message + * Use PKG_CHECK_MODULES to detect the pcre library + * Use PKG_CHECK_MODULES to detect the cmocka library + * Use PKG_CHECK_MODULES to detect the nss library + * Use PKG_CHECK_MODULES to detect the nspr library + * Use PKG_CHECK_MODULES to detect the event library + * Ticket 49873 - (cont 3rd) cleanup debug log + * Ticket 49873 - (cont 2nd) Contention on virtual attribute lookup + * Issue 50292 - Fix Plugin CLI and UI issues + * Issue:50112 - Port ACI test suit from TET to python3(misc and syntax) + * Ticket 50289 - Fix various database UI issues + * Ticket 49463 After cleanALLruv, replication is looping on keep alive DEL + * Ticket 50300 - Fix memory leak in automember plugin + * Ticket 50265: the warning about skew time could last forever + * Ticket 50260 - Invalid cache flushing improvements + * Ticket 49561 - MEP plugin, upon direct op failure, will delete twice the same managed entry + * Ticket 50077 - Do not automatically turn automember postop modifies on + * Ticket 50282 - OPERATIONS ERROR when trying to delete a group with automember members + * Ticket 49715 - extend account functionality + * Ticket 49873: (cont) Contention on virtual attribute lookup + * Ticket 50260 - backend txn plugins can corrupt entry cache + * Ticket 50255 - Port password policy test to use DSLdapObject + * Ticket 49667 - 49668 - remove old spec files + * Issue 50276 - 389-ds-console is not built on RHEL8 if cockpit_dist is already present + * Issue: 50112 - Port ACI test suit from TET to python3(Search) + * Ticket 50259 - implement dn construction test + * Ticket 50273 - reduce default replicaton agmt timeout + * Ticket 50208 - lib389- Fix issue with list all instances + * Issue: 50112 - Port ACI test suit from TET to python3(Global Group) + * Issue 50041 - Add CLI functionality for special plugins + * Issue 50263 - LDAPS port not listening after installation + * Ticket 49575 - Indicate autosize value errors and corrective actions + * Ticket 50137 - create should not check in non-stateful mode for exist + * Ticket 49655 - remove doap file + * Issue 50197 - Fix dscreate regression + * Ticket 50234 - one level search returns not matching entry + * Ticket 50257 - lib389 - password policy user vs subtree checks are broken + * Issue: 50253 - Making an nsManagedRoleDefinition type in src/lib389/lib389/idm/nsrole.py + * Issue 49029 - [RFE] improve internal operations logging + * Ticket 50230 - improve ioerror msg when not root/dirsrv + * Issue 50246 - Fix the regression in old control tools + * Ticket 50197 - Container integration part 2 + * Ticket 50197 - Container init tools + * Ticket 50232 - export creates not importable ldif file + * Ticket 50215 - UI - implement Database Tab in reachJS + * Ticket 50243 - refint modrdn stress test + * Ticket 50238 - Failed modrdn can corrupt entry cache + * Ticket 50236 - memberOf should be more robust + * Ticket 50213 - fix list instance issue + * Issue: 50219 - Add generic filter to DSLdapObjects + * Issue: 50227 - Making an cosClassicDefinition type in src/lib389/lib389/cos.py + * Issue: 50112 - Port ACI test suit from TET to python3(modify) + * Ticket 50224 - warnings on deprecated API usage + * Issue:50112 - Port ACI test suit from TET to python3(valueaci) + * Issue: 50112 Port ACI test suit from TET to python3(Aci Atter) + * Ticket 50208 - make instances mark off based on dse.ldif not sysconfig + * Issue: 50170 - composable object types for nsRole in lib389 + * Ticket 50199 - disable perl by default + * Issue:50211 - Making an actual Anonymous type in lib389/idm/account.py + * Ticket 50155 - password history check has no way to just check the current password + * Ticket 49873 - Contention on virtual attribute lookup + * Ticket 50197 - Container integration improvements + * Ticket 50195 - improve selinux error messages in interactive + * Ticket 49658 - In replicated topology a single-valued attribute can diverge + * Ticket 50111: Use pkg-config to detect icu + * Ticket 50165 - Fix issues with dscreate + * Ticket 50177 - import task should not be deleted too rapidely after import finishes to be able to query the status + * Ticket 50140 - Use high ports in container installs + * Ticket 50184 - Add cli tool parity to dsconf/dsctl + * Ticket 50159 - sssd and config display + +------------------------------------------------------------------- +Sun Mar 17 09:30:33 UTC 2019 - Jan Engelhardt + +- Remove a pair of %if..%endif guards that do not affect the build. + +------------------------------------------------------------------- +Wed Jan 30 23:00:28 UTC 2019 - 389-ds-maintainer@suse.de + +- Updates to 389-ds.spec + - Make lib389 a requirement of 389-ds installs + - Disable shell script wrappers that have be replaced by dsctl/dsconf + - Disable perl in spec file build. For replacement tools see: + http://www.port389.org/docs/389ds/FAQ/legacy-command-changes.html + - Remove patches that have been merged by upstream + - Removed: 0001-init_fhs.patch - merged by upstream + - Removed: 0002-use-python2-for-selinux-detection.patch - merged + by upstream + - Removed: drop-caps.patch - merged by upstream + - Commented requires and recommendes in 389-ds.spec + - cyrus-sasl-plain added as a requirement as it is the only plaintext + or start TLS secure method for password auth (LDAPS is always secure) + - cyrus-sasl-gssapi moved to recommends as it is not always required + - cyrus-sasl-digestmd5 moved to recommends, as it is insecure and not + always required + - openldap2-client moved to recommends on lib389 as a supplement to + ldap command line tools that we provide, but not necessary + - python3-selinux and python3-policycoreutils moved to recommends + as they are not required, and only give "nice to have" features + during install of an instance +- Update to version 1.4.1.1~git0.af9bb7206: + * Bump version to 1.4.1.1 + * Ticket 50151 - lib389 support cli add/replace/delete on objects + * Issue 50041 - CLI and WebUI - Add memberOf plugin functionality + * Bump version to 1.4.1.0 + * Ticket 50125 - perl fix ups for tmpfiles + * Ticket 50164 - Add test for dscreate + * Fix for ticket 50059: If an object is nsds5replica, it must be cn=replica + * Ticket 50169 - lib389 changed hardcoded systemctl path + * Ticket 50165 - Fix dscreate issues + * Issue 50152 - Replace os.getenv('HOME') with os.path.expanduser + * Fix compiler warning in snmp main() + * Ticket - Fix compiler warning in init.c + * Ticket 49540 - FIx compiler warning in ldif2ldbm + * Ticket 50169 - lib389 changed hardcoded systemctl path + * Ticket 50165 - Fix dscreate issues + * Issue 50152 - Replace os.getenv('HOME') with os.path.expanduser + * Ticket 49540 - FIx compiler warning in ldif2ldbm + * Ticket 50077 - Fix compiler warnings in automember rebuild task + * Ticket 49972 - use-after-free in case of several parallel krb + * authentication + * Ticket 50161 - Fixed some descriptions in "dsconf backend --help" + * Ticket 50153 - Increase default max logs + * Ticket 50123 - with_tmpfiles_d is associated to systemd + * Ticket 49984 - python installer add option to create suffix entry + * Ticket 49984 - python installer add option to create suffix entry + * Ticket 50077 - RFE - improve automember plugin to work with + * modify ops + * Ticket 50136 - Allow resetting passwords on the CLI + * Ticket 49994 - Adjust dsconf backend usage + * Ticket 50138 - db2bak.pl -P LDAPS does not work when + * nsslapd-securePort is missing + * Ticket 50122 - Fix incorrect path spec + * Issue 50145 - Add a verbose option to the backup tools + * Ticket 50056 - dsctl db2ldif throws an exception + * Ticket 50078 - cannot add cenotaph in read only consumer + * Ticket 50126 - Incorrect usage of sudo in test + * Issue 50130 - Building RPMs on RHEL8 fails + * Ticket 50134 - fixup-memberof.pl does not respect protocol requested + * Issue 50122 - Selinux test for presence + * Issue 50101 - Port fourwaymmr Test TET suit to python3 + * Issue 50091 - shadowWarning is not generated if passwordWarning + * is lower than 86400 seconds (1 day). + * Ticket 50128 - NS Stress fails without ipv6 + * Issue 49618 - Set nsslapd-cachememsize to custom value + * Ticket 50117 - after certain failed import operation, impossible + * to replay an import operation + * Ticket 49999 - rpm.mk dist-bz2 should clean cockpit_dist first + * Issue 48064 - Fix various issues in disk monitoring test suite + * Issue 49938 - lib389 - Clean up CLI logging + * Issue 49761 - Fix CI test suite issues + * Ticket 50056 - Fix UI bugs (part 2) + * Issue: 48064 - CI test - disk_monitoring + * Ticket 50099 - extend error messages + * Ticket 50099 - In FIPS mode, the server can select an unsupported + * password storage scheme + * Issue 50041 - Add basic plugin UI/CLI wrappers + * Issue 50082 - Port state test suite + * Ticket 49574 - remove index subsystem + * Issue 49588 - Add py3 support for tickets : part-5 + * Ticket 50095 - cleanup deprecated key.h includes + +------------------------------------------------------------------- +Thu Jan 24 18:19:03 UTC 2019 - Marcus Rueckert + +- use lib389 on 15.0 and up. now that we do not hardrequire the + python selinux bindings anymore + +------------------------------------------------------------------- +Mon Jan 7 15:00:07 UTC 2019 - Marcus Rueckert + +- update to 1.4.0.20 + - Ticket 49994 - Add test for backend/suffix CLI functions + - Ticket 50090 - refactor fetch_attr() to slapi_fetch_attr() + - Ticket 50091 - shadowWarning is not generated if + passwordWarning is lower than 86400 seconds (1 day) + - Ticket 50056 - Fix CLI/UI bugs + - Ticket 49864 - Revised replication status messages for + transient errors + - Ticket 50071 - Set ports in local_simple_allocate function + - Ticket 50065 - lib389 aci parsing is too strict + - Ticket 50061 - Improve schema loading in UI + - Ticket 50063 - Crash after attempting to restore a single + backend + - Ticket 50062 - Replace error by warning in the state machine + defined in repl5_inc_run + - Ticket 50041 - Set the React dataflow foundation and add basic + plugin UI + - Ticket 50028 - Revise ds-replcheck usage + - Ticket 50057 - Pass argument into hashtable_new + - Ticket 50053 - improve testcase + - Ticket 50053 - Subtree password policy overrides a user-defined + password policy + - Ticket 49974 - lib389 - List instances with initconfig_dir + instead of sysconf_dir + - Ticket 49984 - Add an empty domain creation to the dscreate + - Ticket 49950 - PassSync not setting pwdLastSet attribute in + Active Directory after Pw update from LDAP sync for normal user + - Ticket 50046 - Remove irrelevant debug-log messages from CLI + tools + - Ticket 50022, 50012, 49956, and 49800: Various dsctl/dscreate + fixes + - Ticket 49927 - dsctl db2index does not work + - Ticket 49814 - dscreate should handle selinux ports that are in + a range + - Ticket 49543 - fix certmap dn comparison + - Ticket 49994 - comment out dev paths + - Ticket 49994 - Add backend features to CLI + - Ticket 48081 - Add new CI tests for password + +------------------------------------------------------------------- +Thu Dec 20 10:34:55 UTC 2018 - Marcus Rueckert + +- no longer build on ix86 because upstream dropped 32-bit intel + support in 1.4 + +------------------------------------------------------------------- +Thu Dec 20 10:32:04 UTC 2018 - Marcus Rueckert + +- limit lib389 to TW until we fixed the selinux python bindings on + leap 15 + +------------------------------------------------------------------- +Tue Nov 20 13:16:46 UTC 2018 - Marcus Rueckert + +- added drop-caps.patch (boo#1111564) + +------------------------------------------------------------------- +Tue Nov 20 12:38:42 UTC 2018 - Marcus Rueckert + +- remove caps again and add %verify not mode/caps instead + - fixes the build until we revert the permissions change + +------------------------------------------------------------------- +Tue Nov 20 06:09:31 UTC 2018 - Marcus Rueckert + +- add back the fscaps in the filelist again. we need to cleanup the + permissions package and this package at the same time. + +------------------------------------------------------------------- +Mon Nov 19 16:11:21 UTC 2018 - Marcus Rueckert + +- update to 1.4.19 + - Ticket 50026 - audit logs does not capture the operation where + nsslapd-lookthroughlimit is modified + - Ticket 50020 - during MODRDN referential integrity can fail + erronously while updating large groups + - Ticket 49999 - Finish up the transfer to React + - Ticket 50004 - lib389 - improve X-ORIGIN schema parsing + - Ticket 50013 - Log warn instead of ERR when aci target does not + exist. + - Ticket 49975 - followup for broken prefix deployment + - Ticket 49999 - Add dist-bz2 target for Koji build system + - Ticket 49814 - Add specfile requirements for python3-libselinux + - Ticket 49814 - Add specfile requirements for python3-selinux + - Ticket 49999 - Integrate React structure into cockpit-389-ds + - Ticket 49995 - Fix issue with internal op logging + - Ticket 49997 - RFE: ds-replcheck could validate suffix exists + and it’s replicated + - Ticket 49985 - memberof may silently fails to update a member + - Ticket 49967 - entry cache corruption after failed MODRDN + - Ticket 49975 - Add missing include file to main.c + - Ticket 49814 - skip standard ports for selinux labelling + - Ticket 49814 - dscreate should set the port selinux labels + - Ticket 49856 - Remove backend option from bak2db + - Ticket 49926 - Fix various issues with replication UI + - Ticket 49975 - SUSE rpmlint issues + - Ticket 49939 - Fix ldapi path in lib389 + - Ticket 49978 - Add CLI logging function for UI + - Ticket 49929 - Modifications required for the Test Case + Management System + - Ticket 49979 - Fix regression in last commit + - Ticket 49979 - Remove dirsrv tests subpackage + - Ticket 49928 - Fix various small WebUI schema issues + - Ticket 49926 - UI - comment out dev cli patchs + +------------------------------------------------------------------- +Tue Nov 6 12:47:00 UTC 2018 - Marcus Rueckert + +- limit the 2nd patch to sle12 and before ... on sle15 we actually + only have python3-selinux (boo#1114847) + +------------------------------------------------------------------- +Fri Oct 19 22:41:03 UTC 2018 - Marcus Rueckert + +- we really want lib389, reenable it. + +------------------------------------------------------------------- +Mon Oct 15 19:48:27 UTC 2018 - Aeneas Jaißle + +- disable building lib389 by default to circumvent unresolvables + +------------------------------------------------------------------- +Thu Oct 11 22:57:29 UTC 2018 - Marcus Rueckert + +- remove fscaps until the audit bug is done + +------------------------------------------------------------------- +Thu Oct 11 15:45:33 UTC 2018 - Marcus Rueckert + +- fix one type pkg_name vs pkgname in the post scriptlets + +------------------------------------------------------------------- +Thu Oct 11 15:40:31 UTC 2018 - Marcus Rueckert + +- prepare rust support + +------------------------------------------------------------------- +Thu Oct 11 15:22:57 UTC 2018 - Marcus Rueckert + +- enable lib389 by default now + +------------------------------------------------------------------- +Thu Oct 11 13:11:10 UTC 2018 - Marcus Rueckert + +- use the same hack for svrcore-devel as the redhat package: claim + to be version 4.1.4 and obsolete olders. the pkg-config file will + report the new version though. + +------------------------------------------------------------------- +Thu Oct 11 11:51:06 UTC 2018 - Marcus Rueckert + +- update to 1.4.0.18 + - Ticket 49968 - Confusing CRITICAL message: list_candidates - + NULL idl was recieved from filter_candidates_ext + - Ticket 49946 - upgrade of 389-ds-base could remove replication + agreements. + - Ticket 49969 - DOS caused by malformed search operation + (part2) +- changes from 1.4.0.17 + - Ticket 49969 - DOS caused by malformed search operation + (security fix); CVE-2018-14648 [bsc#1109609] + - Ticket 49943 - rfc3673_all_oper_attrs_test is not strict enough + - Ticket 49915 - Master ns-slapd had 100% CPU usage after + starting replication and replication cannot finish + - Ticket 49963 - ASAN build fails on F28 + - Ticket 49947 - Coverity Fixes + - Ticket 49958 - extended search fail to match entries + - Ticket 49928 - WebUI schema functionality and improve CLI part + - Ticket 49954 - On s390x arch retrieved DB page size is stored + as size_t rather than uint32_t + - Ticket 49928 - Refactor and improve schema CLI/lib389 part to + DSLdapObject + - Ticket 49926 - Fix replication tests on 1.3.x + - Ticket 49926 - Add replication functionality to dsconf + - Ticket 49887 - Clean up thread local usage + - Ticket 49937 - Log buffer exceeded emergency logging msg is not + thread-safe (security fix) CVE-2018-14624 [bsc#1106699] + - Ticket 49866 - fix typo in cos template in pwpolicy subtree + create + - Ticket 49930 - Correction of the existing fixture function + names to remove test_ prefix + - Ticket 49932 - Crash in delete_passwdPolicy when persistent + search connections are terminated unexpectedly CVE-2018-14638 [bsc#1108674] + - Ticket 48053 - Add attribute encryption test cases + - Ticket 49866 - Refactor PwPolicy lib389/CLI module + - Ticket 49877 - Add log level functionality to UI +- changes from 1.4.0.16 + - Revert “Ticket 49372 - filter optimisation improvements for + common queries” + - Revert “Ticket 49432 - filter optimise crash” + - Ticket 49887 - Fix SASL map creation when –disable-perl + - Ticket 49858 - Add backup/restore and import/export + functionality to WebUI/CLI +- changes from 1.4.0.15 + - Ticket 49029 - Internal logging thread data needs to allocate + int pointers + - Ticket 48061 - CI test - config + - Ticket 48377 - Only ship libjemalloc.so.2 + - Ticket 49885 - On some platform fips does not exist +- changes from 1.4.0.14 + - Ticket 49891 - Use “__python3” macro for python scripts + - Ticket 49890 - SECURITY FIX - ldapsearch with server side sort + crashes the ldap server CVE-2018-10935 [bsc#1105606] + - Ticket 49029 - RFE -improve internal operations logging + - Ticket 49893 - disable nunc-stans by default + - Ticket 48377 - Update file name for LD_PRELOAD + - Ticket 49884 - Improve nunc-stans test to detect socket errors + sooner + - Ticket 49888 - Use perl filter in rpm specfile + - Ticket 49866 - Add password policy features to CLI/UI + - Ticket 49881 - Missing check for crack.h + - Ticket 48056 - Add more test cases to the basic suite + - Ticket 49761 - Fix replication test suite issues + - Ticket 49381 - Refactor the plugin test suite docstrings + - Ticket 49837 - Add new password policy attributes to UI + - Ticket 49794 - RFE - Add pam_pwquality features to password + syntax checking + - Ticket 49867 - Fix CLI tools’ double output +- changes from 1.4.0.13 + - Ticket 49854 - ns-slapd should create run_dir and lock_dir + directories at startup + - Ticket 49806 - Add SASL functionality to CLI/UI + - Ticket 49789 - backout originali security fix from 1.4.0.12 as + it caused a regression in FreeIPA + - Ticket 49857 - RPM scriptlet for 389-ds-base-legacy-tools + throws an error +- changes from 1.4.0.12 + - Ticket 49813 - Revised interactive installer + - Ticket 49789 - By default, do not manage unhashed password + (Security Fix) CVE-2018-10871 [bsc#1099564] + - Ticket 49844 - lib389: don’t set up logging at module scope + - Ticket 49546 - Fix issues with MIB file + - Ticket 49840 - ds-replcheck command returns traceback errors + against ldif files having garbage content when run in offline + mode + - Ticket 49640 - Cleanup plugin bootstrap logging + - Ticket 49835 - lib389: fix logging + - Ticket 48818 - For a replica bindDNGroup, should be fetched the + first time it is used not when the replica is started + - Ticket 49780 - acl_copyEval_context double free + - Ticket 49830 - Import fails if backend name is “default” + - Ticket 49832 - remove tcmalloc references + - Ticket 49813 - dscreate - add interactive installer + - Ticket 49808 - Add option to add backend to dscreate + - Ticket 49811 - lib389 setup.py should install autogenerated man + pages + - Ticket 49795 - UI - add “action” backend funtionality + - Ticket 49588 - Add py3 support for tickets : part-3 + - Ticket 49820 - lib389 requires wrong python ldap library + - Ticket 49791 - Update docker file for new dscreate options + - Ticket 49761 - Fix more CI test issues + - Ticket 49811 - Update man pages + - Ticket 49783 - UI - add server configuration backend + - Ticket 49717 - Add conftest.py for tests + - Ticket 49588 - Add py3 support for tickets + - Ticket 49793 - Updated descriptions in dscreate example INF + file + - Ticket 49471 - Rename dscreate options + - Ticket 49751 - passwordMustChange attribute is not honored by a + RO consumer if using “Chain on Update” + - Ticket 49734 - Fix various issues with Disk Monitoring +- changes from 1.4.0.11 + - Ticket 49788 - Add test for ticket #49788 + - Ticket 49788 - Fixing 4-byte UTF-8 character validation + - Ticket 49777 - add config subcommand to dsconf + - Ticket 49712 - lib389 CLI tools should return a result code on + failures + - Ticket 49588 - Add py3 support for tickets : part-2 + - Remove old RHEL/fedora version checking from upstream specfile + - Ticket 48204 - remove python2 from scripts + - Ticket 49576 - ds-replcheck: fix certificate directory + verification + - Bug 1591761 - 389-ds-base: Remove jemalloc exports +- changes from 1.4.0.10 + - Ticket 49640 - Errors about PBKDF2 password storage plugin at + server startup + - Ticket 49571 - perl subpackage and python installer by default + - Ticket 49740 - UI - Replication monitor color coding is not + colorblind friendly + - Ticket 49741 - UI - View/Edit replication agreement hangs WebUI + - Ticket 49703 - UI - Set default values in create instance form + - Ticket 49742 - Fine grained password policy can impact search + performance + - Ticket 49768 - Under network intensive load persistent search + can erronously decrease connection refcnt(Security Fix) CVE-2018-10850 [bsc#1096368] + - Ticket 49765 - compiler warning + - Ticket 49689 - Cockpit subpackage does not build in PREFIX + installations + - Ticket 49765 - Async operations can hang when the server is + running nunc-stans + - Ticket 49745 - UI add filter options for error log severity + levels + - Ticket 49761 - Fix test suite issues + - Ticket 49754 - instances created with dscreate can not be + upgraded with setup-ds.pl + - Ticket 47902 - UI - add continuous refresh log feature + - Ticket 49381 - Add docstrings to plugin test suites - Part 1 + - Ticket 49646 - Improve TLS cert processing in lib389 CLI + - Ticket 49748 - Passthru plugin startTLS option not working + - Ticket 49732 - Optimize resource limit checking for rootdn + issued searches + - Ticket 48377 - Bundle jemalloc + - Ticket 49736 - Hardening of active connection list + - Ticket 48184 - clean up and delete connections at shutdown + (3rd) + - Ticket 49675 - Revise coverity fix + - Ticket 49333 - Do not remove versioned man pages + - Ticket 49683 - Add support for JSON option in lib389 CLI tools + - Ticket 49704 - Error log from the installer is concatenating + all lines into one + - Ticket 49726 - DS only accepts RSA and Fortezza cipher families + - Ticket 49722 - Errors log full of “ WARN - keys2idl - recieved + NULL idl from index_read_ext_allids, treating as empty set” + messages + - Ticket 49582 - Add py3 support to memberof_plugin test suite + - Ticket 49675 - Fix coverity issues + - Ticket 49576 - Add support of “;deletedattribute” in + ds-replcheck + - Ticket 49706 - Finish UI patternfly convertions + - Ticket 49684 - AC_PROG_CC clobbers CFLAGS set by –enable-debug + - Ticket 49678 - organiSational vs organiZational spelling in + lib389 + - Ticket 49689 - Fix local “make install” after adding cockpit + subpackage + - Ticket 49689 - Move Cockpit UI plugin to a subpackage + - Ticket 49679 - Missing nunc-stans documentation and doxygen + warnings + - Ticket 49588 - Add py3 support for tickets : part-1 + - Ticket 49576 - Update ds-replcheck for new conflict entries + - Ticket 48184 - clean up and delete connections at shutdown (2nd + try) + - Ticket 49698 - Remove unneeded patternfly files from Cockpit + package + - Ticket 49581 - Fix dynamic plugins test suite + - Ticket 49665 - remove obsoleted upgrade scripts + - Ticket 49693 - A DB_DEADLOCK while adding a tombstone (RUV) + leads to access of an already freed entry + - Ticket 49696 - replicated operations should be serialized + - Ticket 49669 - Invalid cachemem size can crash the server + during a restore + - Ticket 49684 - AC_PROG_CC clobbers CFLAGS set by –enable-debug + - Ticket 49685 - make clean fails if cargo is not installed + - Ticket 49106 - Move ds_* scripts to libexec + - Ticket 49657 - Fix cascading replication scenario in lib389 API + - Ticket 49671 - Readonly replicas should not write internal ops + to changelog + - Ticket 49673 - nsslapd-cachememsize can’t be set to a value + bigger than MAX_INT + - Ticket 49519 - Convert Cockpit UI to use strictly patternfly + stylesheets + - Ticket 49665 - Upgrade script doesn’t enable CRYPT password + storage plug-in + - Ticket 49665 - Upgrade script doesn’t enable PBKDF2 password + storage plug-in +- changes from 1.4.0.9 + - Ticket 49661 - CVE-2018-1089 - Crash from long search filter [bsc#1092187] + - Ticket 49652 - DENY aci’s are not handled properly + - Ticket 49650 - lib389 enable_tls doesn’t work on F28 + - Ticket 49538 - replace cacertdir_rehash with openssl rehash + - Ticket 49406 - Port backend_test.py test to DSLdapObject + implementation + - Ticket 49649 - Use reentrant crypt_r() + - Ticket 49642 - lib389 should generate a more complex password + - Ticket 49612 - lib389 remove_ds_instance() does not remove + systemd units + - Ticket 49644 - crash in debug build +- changes from 1.4.0.8 + - Ticket 49639 - Crash when failing to read from SASL conn + - Ticket 49109 - nsDS5ReplicaTransportInfo should accept StartTLS + as an option + - Ticket 49586 - Add py3 support to plugins test suite + - Ticket 49511 - memory leak in pwdhash +- changes from 1.4.0.7 + - Ticket 49477 - Missing pbkdf python + - Ticket 49552 - Fix the last of the build issues on F28/29 + - Ticket 49522 - Fix build issues on F28 + - Ticket 49631 - same csn generated twice + - Ticket 49585 - Add py3 support to password test suite : part-3 + - Ticket 49585 - Add py3 support to password test suite : part-2 + - Ticket 48184 - revert previous patch around unuc-stans shutdown + crash + - Ticket 49585 - Add py3 support to password test suite + - Ticket 46918 - Fix compiler warnings on arm + - Ticket 49601 - Replace HAVE_SYSTEMD define with WITH_SYSTEMD in + svrcore + - Ticket 49619 - adjustment of csn_generator can fail so next + generated csn can be equal to the most recent one received + - Ticket 49608 - Add support for gcc/clang sanitizers + - Ticket 49606 - Improve lib389 documentation + - Ticket 49552 - Fix build issues on F28 + - Ticket 49603 - 389-ds-base package rebuilt on EPEL can’t be + installed due to missing dependencies + - Ticket 49593 - NDN cache stats should be under the global stats + - Ticket 49599 - Revise replication total init status messages + - Ticket 49596 - repl-monitor.pl fails to find db tombstone/RUV + entry + - Ticket 49589 - merge svrcore into 389-ds-base + - Ticket 49560 - Add a test case for extract-pemfiles + - Ticket 49239 - Add a test suite for ds-replcheck tool RFE + - Ticket 49369 - merge svrcore into 389-ds-base +- changes from 1.4.0.6 + - Ticket 49545 - final substring extended filter search returns + invalid resulta (security fix) CVE-2018-1054 [bsc#1083689] + - Ticket 49572 - ns_job_wait race on condvar + - Ticket 49584 - Fix Tickets with paged_results test suite + - Ticket 49161 - memberof fails if group is moved into scope + - Ticket 49447 - PBKDF2 on upgrade + - ticket 49551 - correctly handle subordinates and tombstone + numsubordinates + - Ticket 49043 - Add replica conflict test suite + - Ticket 49296 - Fix race condition in connection code with + anonymous limits + - Ticket 49568 - Fix integer overflow on 32bit platforms + - Ticket 48085 - Add encryption cl5 test suite + - Ticket 49566 - ds-replcheck needs to work with hidden conflict + entries + - Ticket 49519 - Add more Cockpit UI content + - Ticket 49551 - fix memory leak found by coverity + - Ticket 49551 - v3 - correct handling of numsubordinates for + cenotaphs and tombstone delete + - Ticket 49278 - Add a new CI test case + - Ticket 49560 - nsslapd-extract-pemfiles should be enabled by + default as openldap is moving to openssl + - Ticket 49557 - Add config option for checking CRL on outbound + SSL Connections + - Ticket 49446 - Add CI test case + - Ticket 35 - Description: Add support for managing automember to + dsconf + - Ticket 49544 - cli release preperation + - Ticket 48006 - Add a new CI test case +- changes from 1.4.0.5 + - CVE-2017-15134 389-ds-base: Remote DoS via search filters in + slapi_filter_sprintf [bsc#1076530] + - Ticket 49554 - Update Makefile for README.md + - Ticket 49554 - update readme + - Ticket 49546 - Fix broken snmp MIB file + - Ticket 49400 - Make CLANG configurable + - Ticket 49530 - Add pseudolocalization option for dbgen + - Ticket 49523 - Fixed skipif marker, topology fixture and log + message + - Ticket 49544 - Double check pw prompts + - Ticket 49548 - Cockpit UI - installer should also setup Cockpit +- changes from 1.4.0.4 + - Ticket 49540 - Indexing task is reported finished too early + regarding the backend status + - Ticket 49534 - Fix coverity regression + - Ticket 49544 - cli release preperation, group improvements + - Ticket 49542 - Unpackaged files on el7 break rpm build + - Ticket 49541 - repl config should not allow rid 65535 for + masters + - Ticket 49370 - Add all the password policy defaults to a new + local policy + - Ticket 49425 - improve demo objects for install + - Ticket 49537 - allow asan to build with stable rustc + - Ticket 49526 - Improve create_test.py script + - Ticket 49516 - Add python 3 support for replication suite + - Ticket 49534 - Fix coverity issues and regression + - Ticket 49532 - coverity issues - fix compiler warnings & clang + issues + - Ticket 49531 - coverity issues - fix memory leaks + - Ticket 49463 - After cleanALLruv, there is a flow of keep alive + DEL + - Ticket 49529 - Fix Coverity warnings: invalid deferences + - Ticket 49509 - Indexing of internationalized matching rules is + failing + - Ticket 49527 - Improve ds* cli tool testing + - Ticket 49474 - purge saslmaps before gssapi test + - Ticket 49413 - Changelog trimming ignores disabled + replica-agreement + - Ticket 49446 - cleanallruv should ignore cleaned replica Id in + processing changelog if in force mode + - Ticket 49278 - GetEffectiveRights gives false-negative + - Ticket 49508 - memory leak in cn=replica plugin setup + - Ticket 48118 - Add CI test case + - Ticket 49520 - Cockpit UI - Add database chaining HTML + - Ticket 49512 - Add ds-cockpit-setup to rpm spec file + - Ticket 49523 - Refactor CI test + - Ticket 49524 - Password policy: minimum token length fails when + the token length is equal to attribute length + - Ticket 49517 - Cockpit UI - Add correct png files + - Ticket 49517 - Cockput UI - revise config layout + - Ticket 49523 - memberof: schema violation error message is + confusing as memberof will likely repair target entry + - Ticket 49312 - Added a new test case for “-D configdir” + - Ticket 49512 - remove backup directories from cockpit source + - Ticket 49512 - Add initial Cockpit UI Plugin + - Ticket 49515 - cannot link, missing -fPIC + - Ticket 49474 - Improve GSSAPI testing capability + - Ticket 49493 - heap use after free in csn_as_string + - Ticket 49379 - Add Python 3 support to CI test + - Ticket 49431 - Add CI test case + - Ticket 49495 - cos stress test and improvements. + - Ticket 49495 - Fix memory management is vattr. + - Ticket 49494 - python 2 bytes mode. + - Ticket 49471 - heap-buffer-overflow in ss_unescape + - Ticket 48184 - close connections at shutdown cleanly. + - Ticket 49218 - Certmap - support TLS tests + - Ticket 49470 - overflow in pblock_get + - Ticket 49443 - Add CI test case + - Ticket 49484 - Minor cli tool fixes. + - Ticket 49486 - change ns stress core to use absolute int width. + - Ticket 49445 - Improve regression test to detect memory leak. + - Ticket 49445 - Memory leak in ldif2db + - Ticket 49485 - Typo in gccsec_defs + - Ticket 49479 - Remove unused ‘batch’ argument from lib389 + - Ticket 49480 - Improvements to support IPA install. + - Ticket 49474 - sasl allow mechs does not operate correctly + - Ticket 49449 - Load sysctl values on rpm upgrade. + - Ticket 49374 - Add CI test case + - Ticket 49325 - fix rust linking. + - Ticket 49475 - docker poc improvements. + - Ticket 49461 - Improve db2index handling for test 49290 + - Ticket 47536 - Add Python 3 support and move test case to + suites + - Ticket 49444 - huaf in task.c during high load import + - Ticket 49460 - replica_write_ruv log a failure even when it + succeeds + - Ticket 49298 - Ticket with test case and remove-ds.pl + - Ticket 49408 - Add a test case for nsds5ReplicaId checks + - Ticket 3 lib389 - python 3 support for subset of pwd cases + - Ticket 35 lib389 - dsconf automember support +- drop patches: + 0003-fix-rm-non-existent-man-pages.patch + simplify-lib389-setup-py.patch + tw.patch +- new BuildRequires: + - cracklib-devel + - rsync + - synced lib389 setup.py: python-ldap argparse-manpage +- use %license +- new subpackages libsvrcore* +- provide/obsolete svrcore-devel + +------------------------------------------------------------------- +Mon Feb 19 13:01:04 UTC 2018 - hguo@suse.com + +- Explicitly generate dirsrv sysconfig file as it is necessary for + SLES 15 (bsc#1081324). + +------------------------------------------------------------------- +Fri Feb 2 01:31:25 UTC 2018 - mrueckert@suse.de + +- switch lib389 to use the python3-ldap subpackage + +------------------------------------------------------------------- +Wed Jan 31 13:28:21 UTC 2018 - hguo@suse.com + +- For SLES 15 schedule, do not build lib389 programmable extension + for now. + +------------------------------------------------------------------- +Wed Jan 31 11:13:17 UTC 2018 - dimstar@opensuse.org + +- BuildRequire python3-ldap instead of python3-pyldap: pyldap is + deprecated in favor of python-ldap. + +------------------------------------------------------------------- +Tue Jan 30 14:19:15 UTC 2018 - hguo@suse.com + +- Rename dependency package python-pyldap into python3-pyldap. + +------------------------------------------------------------------- +Mon Jan 29 15:20:10 UTC 2018 - hguo@suse.com + +- Correct name to dependency package "python-pyldap". + +------------------------------------------------------------------- +Thu Jan 25 15:09:41 UTC 2018 - hguo@suse.com + +- Introduce patch 0003-fix-rm-non-existent-man-pages.patch to remove + a faulty rm statement from makefile. + +------------------------------------------------------------------- +Sun Jan 14 02:59:15 UTC 2018 - mrueckert@suse.de + +- add tw.patch to fix potential buffer overflow + +------------------------------------------------------------------- +Tue Dec 5 14:45:57 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Mon Nov 20 22:34:46 UTC 2017 - mrueckert@suse.de + +- added simplify-lib389-setup-py.patch + seems the python3 setuptools on leap 42.3 do not like this fancy + syntax. kill it and always use the python 3 way. + +------------------------------------------------------------------- +Mon Nov 20 22:15:45 UTC 2017 - mrueckert@suse.de + +- update to 1.4.0.3 + - Ticket 49457 - Fix spal_meminfo_get function prototype + - Ticket 49455 - Add tests to monitor test suit. + - Ticket 49448 - dynamic default pw scheme based on environment. + - Ticket 49298 - fix complier warn + - Ticket 49298 - Correct error codes with config restore. + - Ticket 49454 - SSL Client Authentication breaks in FIPS mode + - Ticket 49453 - passwd.py to use pwdhash defaults. + - Ticket 49427 - whitespace in fedse.c + - Ticket 49410 - opened connection can remain no longer poll, + like hanging + - Ticket 48118 - fix compiler warning for incorrect return type + - Ticket 49451 - Add environment markers to lib389 dependencies + - Ticket 49325 - Proof of concept rust tqueue in sds + - Ticket 49443 - scope one searches in 1.3.7 give incorrect + results + - Ticket 48118 - At startup, changelog can be erronously rebuilt + after a normal shutdown + - Ticket 49412 - SIGSEV when setting invalid changelog config + value + - Ticket 49441 - Import crashes - oneline fix + - Ticket 49377 - Incoming BER too large with TLS on plain port + - Ticket 49441 - Import crashes with large indexed binary + attributes + - Ticket 49435 - Fix NS race condition on loaded test systems + - Ticket 77 - lib389 - Refactor docstrings in rST format - part 2 + - Ticket 17 - lib389 - dsremove support + - Ticket 3 - lib389 - python 3 compat for paged results test + - Ticket 3 - lib389 - Python 3 support for memberof plugin test + suit + - Ticket 3 - lib389 - config test + - Ticket 3 - lib389 - python 3 support ds_logs tests + - Ticket 3 - lib389 - python 3 support for betxn test + +------------------------------------------------------------------- +Sat Nov 11 00:53:42 UTC 2017 - mrueckert@suse.de + +- we actually need pyldap + +------------------------------------------------------------------- +Fri Nov 10 23:50:29 UTC 2017 - mrueckert@suse.de + +- lib389 is merged into this tarball now. move the subpackage here. + +------------------------------------------------------------------- +Fri Nov 10 22:45:23 UTC 2017 - mrueckert@suse.de + +- update to 1.4.0.2 + - Ticket 48393 - fix copy and paste error + - Ticket 49439 - cleanallruv is not logging information + - Ticket 48393 - Improve replication config validation + - Ticket lib389 3 - Python 3 support for ACL test suite + - Ticket 103 - sysconfig not found + - Ticket 49436 - double free in COS in some conditions + - Ticket 48007 - CI test to test changelog trimming interval + - Ticket 49424 - Resolve csiphash alignment issues + - Ticket lib389 3 - Python 3 support for + pwdPolicy_controls_test.py + - Ticket 3 - python 3 support - filter test + - Ticket 49434 - RPM build errors + - Ticket 49432 - filter optimise crash + - Ticket 49432 - Add complex fliter CI test + - Ticket 48894 - harden valueset_array_to_sorted_quick valueset + access + - Ticket 49401 - Fix compiler incompatible-pointer-types warnings + - Ticket 48681 - Use of uninitialized value in string ne at + /usr/bin/logconv.pl + - Ticket 49409 - Update lib389 requirements + - Ticket 49401 - improve valueset sorted performance on delete + - Ticket 49374 - server fails to start because maxdisksize is + recognized incorrectly + - Ticket 49408 - Server allows to set any nsds5replicaid in the + existing replica entry + - Ticket 49407 - status-dirsrv shows ellipsed lines + - Ticket 48681 - Use of uninitialized value in string ne at + /usr/bin/logconv.pl + - Ticket 49386 - Memberof should be ignore MODRDN when the + pre/post entry are identical + - Ticket 48006 - Missing warning for invalid replica backoff + configuration + - Ticket 49064 - testcase hardening + - Ticket 49064 - RFE allow to enable MemberOf plugin in dedicated + consumer + - Ticket lib389 3 - python 3 support + - Ticket 49402 - Adding a database entry with the same database + name that was deleted hangs server at shutdown + - Ticket 48235 - remove memberof lock (cherry-pick error) + - Ticket 49394 - build warning + - Ticket 49381 - Refactor numerous suite docstrings - Part 2 + - Ticket 49394 - slapi_pblock_get may leave unchanged the + provided variable + - Ticket 49403 - tidy ns logging + - Ticket 49381 - Refactor filter test suite docstrings + - Ticket 48235 - Remove memberOf global lock + - Ticket 103 - Make sysconfig where it is expected to exist + - Ticket 49400 - Add clang support to rpm builds + - Ticket 49381 - Refactor ACL test suite docstrings + - Ticket 49363 - Merge lib389 + - Ticket 101 - BaseException.message has been deprecated in + Python3 + - Ticket 102 - referral support + - Ticket 99 - Fix typo in create_topology + - Ticket #98 - Fix dbscan output + - Ticket #77 - Fix changelogdb param issue + - Ticket #77 - Refactor docstrings in rST format - part 1 + - Ticket 96 - Change binaries’ names + - Ticket 77 - Add sphinx documentation + - Ticket 43 - Add support for Referential Integrity plugin + - Ticket 45 - Add support for Rootdn Access Control plugin + - Ticket 46 - dsconf support for dynamic schema reload + - Ticket 74 - Advice users to set referint-update-delay to 0 + - Ticket 92 - display_attr() should return str not bytes in py3 + - Ticket 93 - Fix test cases in ctl_dbtasks_test.py + - Ticket 88 - python install and remove for tests + - Ticket 85 - Remove legacy replication attribute + - Ticket 91 - Fix replication topology + - Ticket 89 - Fix inconsistency with serverid + - Ticket 79 - Fix replica.py and add tests + - Ticket 86 - add build dir to gitignore + - Ticket 83 - Add an util for generating instance parameters + - Ticket 87 - Update accesslog regec for HR etimes + - Ticket 49 - Add support for whoami plugin + - Ticket 48 - Add support for USN plugin + - Ticket 78 - Add exists() method to DSLdapObject + - Ticket 31 - Allow complete removal of some memberOf attrs + - Ticket31 - Add memberOf fix-up task + - Ticket 67 - Add ensure_int function + - Ticket 59 - lib389 support for index management. + - Ticket 67 - get attr by type + - Ticket 70 - Improve repl tools + - Ticket 50 - typo in db2* in dsctl + - Ticket 31 - Add status command and SkipNested support for + MemberOf + - Ticket 31 - Add functional tests for MemberOf plugin + - Ticket 66 - expand healthcheck for Directory Server + - Ticket 69 - add specfile requires + - Ticket 31 - Initial MemberOf plugin support + - Ticket 50 - Add db2* tasks to dsctl + - Ticket 65 - Add m2c2 topology + - Ticket 63 - part 2, agreement test + - Ticket 63 - lib389 python 3 fix + - Ticket 62 - dirsrv offline log + - Ticket 60 - add dsrc to dsconf and dsidm + - Ticket 32 - Add TLS external bind support for testing + - Ticket 27 - Fix get function in tests + - Ticket 28 - userAccount for older versions without nsmemberof + - Ticket 27 - Improve dseldif API + - Ticket 30 - Add initial support for account lock and unlock. + - Ticket 29 - fix incorrect format in tools + - Ticket 28 - Change default objectClasses for users and groups + - Ticket 1 - Fix missing dn / rdn on config. + - Ticket 27 - Add a module for working with dse.ldif file + - Ticket 1 - cn=config comparison + - Ticket 21 - Missing serverid in dirsrv_test due to incorrect + allocation + - Ticket 26 - improve lib389 sasl support + - Ticket 24 - Join paths using os.path.join instead of string + concatenation + - Ticket 25 - Fix RUV repr function + - Ticket 23 - Use DirSrv.exists() instead of manually checking + for instance’s existence + - Ticket 1 - cn=config comparison + - Ticket 22 - Specify a basedn parameter for IDM modules + - Ticket 19 - missing readme.md in python3 + - Ticket 20 - Use the DN_DM constant instead of hard coding its + value + - Ticket 19 - Missing file and improve make + - Ticket 14 - Remane dsadm to dsctl + - Ticket 16 - Reset InstScriptsEnabled argument during the init + - Ticket 14 - Remane dsadm to dsctl + - Ticket 13 - Add init function to create new domain entries + - Ticket 15 - Improve instance configuration ability + - Ticket 10 - Improve command line tool arguments + - Ticket 9 - Convert readme to MD + - Ticket 7 - Add pause and resume methods to topology fixtures + - Ticket 49172 - Allow lib389 to read system schema and instance + - Ticket 49172 - Allow lib389 to read system schema and instance + - Ticket 6 - Bump lib389 version 1.0.4 + - Ticket 5 - Fix container build on fedora + - Ticket 4 - Cert detection breaks some tests + - Ticket 49137 - Add sasl plain tests, lib389 support + - Ticket 2 - pytest mark with version relies on root + - Ticket 49126 - DIT management tool + - Ticket 49101 - Python 2 generate example entries + - Ticket 49103 - python 2 support for installer + - Ticket 47747 - Add topology_i2 and topology_i3 + - Ticket 49087 - lib389 resolve jenkins issues + - Ticket 48413 - Improvements to lib389 for rest + - Ticket 49083 - Support prefix for discovery of the defaults.inf + file. + - Ticket 49055 - Fix debugging mode issue + - Ticket 49060 - Increase number of masters, hubs and consumers + in topology + - Ticket 47747 - Add more topology fixtures + - Ticket 47840 - Add InstScriptsEnabled argument + - Ticket 47747 - Add topology fixtures module + - Ticket 48707 - Implement draft-wibrown-ldapssotoken-01 + - Ticket 49022 - Lib389, py3 installer cannot create entries in + backend + - Ticket 49024 - Fix paths to the dbdir parent + - Ticket 49024 - Fix db_dir paths + - Ticket 49024 - Fix paths in tools module + - Ticket 48961 - Fix lib389 minor issues shown by 48961 test + - Ticket 49010 - Lib389 fails to start with systemctl changes + - Ticket 49007 - lib389 fixes for paths to use online values + - Ticket 49005 - Update lib389 to work in containers correctly. + - Ticket 48991 - Fix lib389 spec for python2 and python3 + - Ticket 48984 - Add lib389 paths module + - Ticket 48951 - dsadm dsconfig status and plugin + - Ticket 47957 - Update the replication “idle” status string + - Ticket 48951 - dsadm and dsconf base files + - Ticket 48952 - Restart command needs a sleep + - Ticket 48949 - Fix ups for style and correctness + - Ticket 48949 - added copying slapd-collations.conf + - Ticket 48949 - change default file path generation - use + os.path.join + - Ticket 48949 - os.makedirs() exist_ok not python2 compatible, + added try/except + - Ticket 48949 - configparser fallback not python2 compatible + - Ticket 48946 - openConnection should not fully popluate DirSrv + object + - Ticket 48832 - Add DirSrvTools.getLocalhost() function + - Ticket 48382 - Fix serverCmd to get sbin dir properly + - Bug 1347760 - Information disclosure via repeated use of LDAP + ADD operation, etc. + - Ticket 48937 - Cleanup valgrind wrapper script + - Ticket 48923 - Fix additional issue with serverCmd + - Ticket 48923 - serverCmd timeout not working as expected + - Ticket 48917 - Attribute presence + - Ticket 48911 - Plugin improvements for lib389 + - Ticket 48911 - Improve plugin support based on new mapped + objects + - Ticket 48910 - Fixes for backend tests and lib389 reliability. + - Ticket 48860 - Add replication tools + - Ticket 48888 - Correction to create of dsldapobject + - Ticket 48886 - Fix NSS SSL library in lib389 + - Ticket 48885 - Fix spec file requires + - Ticket 48884 - Bugfixes for mapped object and new connections + - Ticket 48878 - better style for backend in backend_test.py + - Ticket 48878 - pep8 fixes part 2 + - Ticket 48878 - pep8 fixes and fix rpm to build + - Ticket 48853 - Prerelease installer + - Ticket 48820 - Begin to test compatability with py.test3, and + the new orm + - Ticket 48434 - Fix for negative tz offsets + - Ticket 48857 - Remove python-krbV from lib389 + - Ticket 48820 - Fix tests to ensure they work with the new + object types + - Ticket 48820 - Move Encryption and RSA to the new object types + - Ticket 48820 - Proof of concept of orm style mapping of configs + and objects + - Ticket 48820 - Clitool rename + - Ticket 48431 - lib389 integrate ldclt + - Ticket 48434 - lib389 logging tools + - Ticket 48796 - add function to remove logs + - Ticket 48771 - lib389 - get ns-slapd version + - Ticket 48830 - Convert lib389 to ip route tools + - Ticket 48763 - backup should run regardless of existing + backups. + - Ticket 48434 - lib389 logging tools + - Ticket 48798 - EL6 compat for lib389 tests for DH params + - Ticket 48798 - lib389 add ability to create nss ca and + certificate + - Ticket 48433 - Aci linting tools + - Ticket 48791 - format args in server tools + - Ticket 48399 - Helper makefile is missing mkdir dist + - Ticket 48399 - Helper makefile is missing mkdir dist + - Ticket 48794 - lib389 build requires are on a single line + - Ticket 48660 - Add function to convert binary values in an + entry to base64 + - Ticket 48764 - Fix mit krb password to be random. + - Ticket 48765 - Change default ports for standalone topology + - Ticket 48750 - Clean up logging to improve command experience + - Ticket 48751 - Improve lib389 ldapi support + - Ticket 48399 - Add helper makefile to lib389 to build and + install + - Ticket 48661 - Agreement test suite fails at the test_changes + case + - Ticket 48407 - Add test coverage module for lib389 repo + - Ticket 48357 - clitools should standarise their args + - Ticket 48560 - Make verbose handling consistent + - Ticket 48419 - getadminport() should not a be a static method + - Ticket 48408 - RFE escaped default suffix for tests + - Ticket 48401 - Revert typecheck + - Ticket 48401 - lib389 Entry hasAttr returs dict instead of + false + - Ticket 48390 - RFE Improvements to lib389 monitor features for + rest389 + - Ticket 48358 - Add new spec file + - Ticket 48371 - weaker host check on localhost.localdomain + - Ticket 58358 - Update spec file with pre-release versioning + - Ticket 48358 - Make Fedora packaging changes to the spec file + - Ticket 48358 - Prepare lib389 for Fedora Packaging + - Ticket 48364 - Fix test failures + - Ticket 48360 - Refactor the delete agreement function + - Ticket 48361 - Expand 389ds monitoring capabilities + - Ticket 48246 - Adding license/copyright to lib389 files + - Ticket 48340 - Add basic monitor support to lib389 + https://fedorahosted.org/389/ticket/48340 + - Ticket 48353 - Add Replication REST support to lib389 + - Ticket 47840 - Fix regression + - Ticket 48343 - lib389 krb5 realm management + https://fedorahosted.org/389/ticket/48343 + - Ticket 47840 - fix lib389 to use sbin scripts + https://fedorahosted.org/389/ticket/47840 + - Ticket 48335 - Add SASL support to lib389 + - Ticket 48329 - Fix case-senstive scyheam comparisions + - Ticket 48303 - Fix lib389 broken tests + - Ticket 48329 - add matching rule functions to schema module + - Ticket 48324 - fix boolean capitalisation (one line) + https://fedorahosted.org/389/ticket/48324 + - Ticket 48321 - Improve is_a_dn check to prevent mistakes with + lib389 auth https://fedorahosted.org/389/ticket/48321 + - Ticket 48322 - Allow reindex function to reindex all attributes + - Ticket 48319 - Fix ldap.LDAPError exception processing + - Ticket 48318 - Do not delete a changelog while disabling a + replication by suffix + - Ticket 48308 - Add eq and ne to Entry to allow fast comparison + https://fedorahosted.org/389/ticket/48308 + - Ticket 48303 - Fix lib389 broken tests - backend_test + - Ticket 48309 - Fix lib389 lib imports + - Ticket 48303 - Fix lib389 broken tests - agreement_test + - Ticket 48303 - Fix lib389 broken tests - aci_parse_test + - Ticket 48301 - add tox support + - Ticket 48204 - update lib389 for python3 + - Ticket 48273 - Improve valgrind functions + - Ticket 48271 - Fix for self.prefix being none when + SER_DEPLOYED_DIR is none + https://fedorahosted.org/389/ticket/48271 + - Ticket 48259 - Add aci parsing utilities to lib389 + - Ticket 48252 - (lib389) adding get_bin_dir and dbscan + - Ticket 48247 - Change the default user to ‘dirsrv’ + - Ticket 47848 - Add new function to create ldif files + - Ticket 48239 - Fix for prefix allocation of un-initialised + dirsrv objects + - Ticket 48237 - Add lib389 helper to enable and disable logging + services. + - Ticket 48236 - Add get effective rights helper to lib389 + - Ticket 48238 - Add objectclass and attribute type query + mechanisms + - Ticket 48029 - Add missing replication related functions + - Ticket 48028 - add valgrind wrapper for ns-slapd + - Ticket 48028 - lib389 - add valgrind functions + - Ticket 48022 - lib389 - Add all the server tasks + - Ticket 48023 - create function to test replication between + servers + - Ticket 48020 - lib389 - need to reset args_instance with every + DirSrv init + - Ticket 48000 - Repl agmts need more time to stop + - Ticket 48004 - Fix various issues + - Ticket 48000 - replica agreement pause/resume should have a + short sleep + - Ticket 47990 - Add check for “.removed” instances when doing an + upgrade + - Ticket 47990 - Add “upgrade” function to lib389 + - Ticket 47691 - using lib389 with RPMs + - Ticket 47848 - Add support for setuptools. + - Ticket 47855 - Add function to clear tmp directory + - Ticket 47851 - Need to retrieve tmp directory path + - Ticket 47845 - add stripcsn option to tombstone fixup task + - Ticket 47851 - Add function to retrieve dirsrvtests data + directory + - Ticket 47845 - Add backup/restore/fixup tombstone tasks to + lib389 + - Ticket 47819 - Add the new precise tombstone purging config + attribute + - Ticket 47695 - Add plugins/tasks/Index + - Ticket 47648 - lib389 - add schema classes, methods + - Ticket 47671 - CI lib389: allow to open a DirSrv without having + to create the instance + - Ticket 47600 - Replica/Agreement/Changelog not conform to the + design + - Ticket 47652 - replica add fails: MT.list return a list not an + entry + - Ticket 47635 - MT/Backend/Suffix to be conform with the design + - Ticket 47625 - CI lib389: DirSrv not conform to the design + - Ticket 47595 - fail to detect/reinit already existing + instance/backup + - Ticket 47590 - CI tests: add/split functions around replication + - Ticket 47584 - CI tests: add backup/restore of an instance + - Ticket 47578 - CI tests: removal of ‘sudo’ and absolute path in + lib389 + - Ticket 47568 - Rename DSAdmin class + - Ticket 47566 - Initial import of DSadmin into 389-test repos + +------------------------------------------------------------------- +Tue Oct 24 12:35:24 UTC 2017 - jengelh@inai.de + +- Use openSUSE rpm group classifications. +- Remove removal of .a files that do not exist to begin with + (because of --disable-static). +- Remove double removal of .la files. +- Do not suppress errors from useradd. + +------------------------------------------------------------------- +Wed Oct 18 20:57:17 UTC 2017 - mrueckert@suse.de + +- update to 1.4.0.1 + - Ticket 49038 - remove legacy replication - change cleanup + script precedence + - Ticket 49392 - memavailable not available + - Ticket 49235 - pbkdf2 by default + - Ticket 49279 - remove dsktune + - Ticket 49372 - filter optimisation improvements for common + queries + - Ticket 49320 - Activating already active role returns error 16 + - Ticket 49389 - unable to retrieve specific cosAttribute when + subtree password policy is configured + - Ticket 49092 - Add CI test for schema-reload + - Ticket 49388 - repl-monitor - matches null string many times in + regex + - Ticket 49387 - pbkdf2 settings were too aggressive + - Ticket 49385 - Fix coverity warnings + - Ticket 49305 - Need to wrap atomic calls + - Ticket 48973 - Indexing a ExactIA5Match attribute with a + IgnoreIA5Match matching rule triggers a warning + - Ticket 49378 - server init fails + - Ticket 49305 - Need to wrap atomic calls + - Ticket 49180 - add CI test + - Ticket 49180 - errors log filled with attrlist_replace - + attr_replace + +------------------------------------------------------------------- +Tue Oct 10 16:06:18 UTC 2017 - mrueckert@suse.de + +- drop 389-ds-reproducible.patch: applied upstream + +------------------------------------------------------------------- +Fri Sep 29 00:06:42 UTC 2017 - mrueckert@suse.de + +- move upgrade and restart code to postun + +------------------------------------------------------------------- +Thu Sep 28 15:40:51 UTC 2017 - mrueckert@suse.de + +- make sure we stop before uninstall +- build require gdb for directory ownership + +------------------------------------------------------------------- +Wed Sep 27 16:11:29 UTC 2017 - mrueckert@suse.de + +- sync requires with fedora spec file + - build with tcmalloc + - add missing requires for things like bind-utils, db-utils + - add requires to the devel package + - split out the snmp agent + - upgrade all databases on update + +------------------------------------------------------------------- +Wed Sep 27 15:10:25 UTC 2017 - mrueckert@suse.de + +- update to 1.4.0.0 + - Ticket 49327 - Add CI test for password expiration controls + - Ticket 48085 - CI tests - replication ruvstore + - Ticket 49381 - Refactor numerous suite docstrings + - Ticket 48085 - CI tests - replication cl5 + - Ticket 49379 - Allowed sasl mapping requires restart + - Ticket 49327 - password expired control not sent during grace + logins + - Ticket 49380 - Add CI test + - Ticket 83 - Fix create_test.py imports + - Ticket 49381 - Add docstrings to ds_logs, gssapi_repl, betxn + - Ticket 49380 - Crash when adding invalid replication agreement + - Ticket 48081 - CI test - password - Ticket 49295 - Fix CI tests + - Ticket 49295 - Fix CI test for account policy + - Ticket 49373 - remove unused header file +- changes from 1.3.7.4 + - Ticket 49371 - Cleanup update script + - Ticket 48831 - Autotune dncache with entry cache. + - Ticket 49312 - pwdhash -D used default hash algo + - Ticket 49043 - make replication conflicts transparent to + clients + - Ticket 49371 - Fix rpm build + - Ticket 49371 - Template dse.ldif did not contain all needed + plugins + - Ticket 49295 - Fix CI Tests + - Ticket 49050 - make objectclass ldapsubentry effective + immediately +- changes from 1.3.7.3 + - Ticket 49354 - fix regression in total init due to mistake in + range fetch + - Ticket 49370 - local password policies should use the same + defaults as the global policy + - Ticket 48989 - Delete slow lib389 test + - Ticket 49367 - missing braces in idsktune + - Ticket 49364 - incorrect function declaration. + - Ticket 49275 - fix tls auth regression + - Ticket 49038 - Revise creation of cn=replication,cn=config + - Ticket 49368 - Fix typo in log message + - Ticket 48059 - Add docstrings to CLU tests + - Ticket 47840 - Add docstrings to setup tests + - Ticket 49348 - support perlless and wrapperless install + +------------------------------------------------------------------- +Tue Sep 19 09:39:08 CEST 2017 - kukuk@suse.de + +- Remove unnecessary ldconfig calls + +------------------------------------------------------------------- +Wed Aug 30 15:49:42 UTC 2017 - mrueckert@suse.de + +- update to 1.3.7.2 + - Ticket 49038 - Fix regression from legacy code cleanup + - Ticket 49295 - Fix CI tests + - Ticket 48067 - Add bugzilla tests for ds_logs + - Ticket 49356 - mapping tree crash can occur during tot init + - Ticket 49275 - fix compiler warns for gcc 7 + - Ticket 49248 - Add a docstring to account locking test case + - Ticket 49445 - remove dead code + - Ticket 48081 - Add regression tests for pwpolicy + - Ticket 48056 - Add docstrings to basic test suite + - Ticket 49349 - global name ‘imap’ is not defined + - Ticket 83 - lib389 - Fix tests and create_test.py + - Ticket 48185 - Remove referint-logchanges attr from referint’s + config + - Ticket 48081 - Add regression tests for pwpolicy + - Ticket 83 - lib389 - Replace topology agmt objects + - Ticket 49331 - change autoscaling defaults + - Ticket 49330 - Improve ndn cache performance. + - Ticket 49347 - reproducable build numbers + - Ticket 39344 - changelog ldif import fails + - Ticket 49337 - Add regression tests for import tests + - Ticket 49309 - syntax checking on referint’s delay attr + - Ticket 49336 - SECURITY: Locked account provides different + return code + - Ticket 49332 - Event queue is not working + - Ticket 49313 - Change the retrochangelog default cache size + - Ticket 49329 - Descriptive error msg for USN cleanup task + - Ticket 49328 - Cleanup source code + - Ticket 49299 - Add normalized dn cache stats to dbmon.sh + - Ticket 49290 - improve idl handling in complex searches + - Ticket 49328 - Update clang-format config file + - Ticket 49091 - remove usage of changelog semaphore + - Ticket 49275 - shadow warnings for gcc7 - pass 1 + - Ticket 49316 - fix missing not condition in clock cleanu + - Ticket 49038 - Remove legacy replication + - Ticket 49287 - v3 extend csnpl handling to multiple backends + - Ticket 49310 - remove sds logging in debug builds + - Ticket 49031 - Improve memberof with a cache of group parents + - Ticket 49316 - Fix clock unsafety in DS + - Ticket 48210 - Add IP addr and connid to monitor output + - Ticket 49295 - Fix CI tests and compiler warnings + - Ticket 49295 - Fix CI tests + - Ticket 49305 - Improve atomic behaviours in 389-ds + - Ticket 49298 - fix missing header + - Ticket 49314 - Add untracked files to the .gitignore + - Ticket 49303 - Fix error in CI test + - Ticket 49302 - fix dirsrv importst due to lib389 change + - Ticket 49303 - Add option to disable TLS client-initiated + renegotiation + - Ticket 49298 - force sync() on shutdown + - Ticket 49306 - make -f rpm.mk rpms produces build without + tcmalloc enabled + - Ticket 49297 - improve search perf in bpt by removing a deref + - Ticket 49284 - resolve crash in memberof when deleting attrs + - Ticket 49290 - unindexed range searches don’t provide notes=U + - Ticket 49301 - Add one logpipe test case +- changes from 1.3.6.8 + - Ticket 49356 - mapping tree crash can occur during tot init +- changes from 1.3.6.7 + - Ticket 49330 - Improve ndn cache performance + - Ticket 49298 - fix missing header + - Ticket 49298 - force sync() on shutdown + - Ticket 49336 - SECURITY: Locked account provides different + return code + - Ticket 49334 - fix backup restore if changelog exists + - Ticket 49313 - Change the retrochangelog default cache size + - Fix error log format in add.c + - Ticket 49287 - fix compiler warning for patch 49287 + - Ticket 49287 - v3 extend csnpl handling to multiple backends + - Ticket 49288 - RootDN Access wrong plugin path in + template-dse.ldif.in + - Ticket 49291 - slapi_search_internal_callback_pb may SIGSEV if + related pblock has not operation set + - Ticket 49008 - Fix MO plugin betxn test + - Ticket 49227 - ldapsearch does not return the expected Error + log level + - Ticket 49028 - Add autotuning test suite + - Ticket 49273 - bak2db doesn’t operate with dbversion + - Ticket 49184 - adjust logging level in MO plugin + - Ticket 49257 - only register modify callbacks + - Ticket 49257 - Update CI script + - Ticket 49008 - Adjust CI test for new memberOf behavior + - Ticket 49273 - crash when DBVERSION is corrupt. + - Ticket 49268 - master branch fails on big endian systems + - Ticket 49241 - add symblic link location to db2bak.pl output + - Ticket 49257 - Reject nsslapd-cachememsize & nsslapd-cachesize + when nsslapd-cache-autosize is set + - Ticket 48538 - Failed to delete old semaphore + - Ticket 49231 - force EXTERNAL always + - Ticket 49267 - autosize split of 0 results in dbcache of 0 + +------------------------------------------------------------------- +Wed Aug 30 12:29:40 UTC 2017 - bwiedemann@suse.com + +- Add 389-ds-reproducible.patch not use build date in build num + to make build reproducible (boo#1047218) + +------------------------------------------------------------------- +Tue Aug 15 14:37:47 UTC 2017 - hguo@suse.com + +- Introduce acl as mandatory runtime dependency. + +------------------------------------------------------------------- +Tue Aug 8 14:37:00 UTC 2017 - hguo@suse.com + +- Rename patch 389-ds-base-1.3.2.11_init_fhs.patch -> 0001-init_fhs.patch +- Fix faulty python module import with patch + 0002-use-python2-for-selinux-detection.patch +- Conduct a major clean-up of spec file to remove all outdated macros +- Introduce extra schema files from OpenLDAP distribution with + extra-schema.tgz and LICENSE.openldap + +------------------------------------------------------------------- +Sat May 27 08:46:54 UTC 2017 - mrueckert@suse.de + +- update to 1.3.6.6 + - Ticket 49157 - fix error in ds-logpipe.py + - Ticket 48864 - remove config.h from spal header. + - Ticket 48681 - logconv.pl - Fix SASL Bind stats and rework + report format + - Ticket 49261 - Fix script usage and man pages + - Ticket 49238 - AddressSanitizer: heap-use-after-free in + libreplication + - Ticket 48864 - Fix FreeIPA build + - Ticket 49257 - Reject dbcachesize updates while auto cache + sizing is enabled + - Ticket 49249 - cos_cache is erroneously logging schema checking + failure + - Ticket 49258 - Allow nsslapd-cache-autosize to be modified + while the server is running + - Ticket 49247 - resolve build issues on debian + - Ticket 49246 - ns-slapd crashes in role cache creation + - Ticket 49157 - ds-logpipe.py crashes for non-existing users + - Ticket 49241 - Update man page and usage for db2bak.pl + - Ticket 49075 - Adjust logging severity levels + - Ticket 47662 - db2index not properly evaluating arguments + - Ticket 48989 - fix perf counters +- changes from 1.3.6.5 + - Ticket 49231 - fix sasl mech handling + - Ticket 49233 - Fix crash in persistent search + - Ticket 49230 - slapi_register_plugin creates config entry where + it should not + - Ticket 49135 - PBKDF2 should determine rounds at startup + - Ticket 49236 - Fix CI Tests + - Ticket 48310 - entry distribution should be case insensitive + - Ticket 49224 - without –prefix, $prefixdir would be NONE in + defaults. +- drop 9563d299.patch: included upstream + +------------------------------------------------------------------- +Fri May 19 10:32:03 UTC 2017 - mrueckert@suse.de + +- added 9563d299.patch to fix building slapi-nis and freeipa + +------------------------------------------------------------------- +Thu May 11 11:01:05 UTC 2017 - jengelh@inai.de + +- Do not suppress errors from user/group creation. + Add some safety quoting here and there. + +------------------------------------------------------------------- +Thu Apr 27 21:02:04 UTC 2017 - mrueckert@suse.de + +- update to 1.3.6.4 + - Ticket 49228 - Fix SSE4.2 detection. + - Ticket 49229 - Correct issues in latest commits + - Ticket 49226 - Memory leak in ldap-agent-bin + - Ticket 49214 - Implement htree concept + - Ticket 49119 - Cleanup configure.ac options and defines + - Ticket 49097 - whitespace fixes for pblock change + - Ticket 49097 - Pblock get/set cleanup + - Ticket 49222 - Resolve various test issues on rawhide + - Issue 48978 - Fix the emergency logging functions severity + levels + - Issue 49227 - ldapsearch for nsslapd-errorlog-level returns + incorrect values + - Ticket 49041 - nss won’t start if sql db type set + - Ticket 49223 - Fix sds queue locking + - Issue 49204 - Fix 32bit arch build failures + - Issue 49204 - Need to update function declaration + - Ticket 49204 - Fix lower bounds on import autosize + On small + VM, autotune breaks the access of the suffixes + - Issue 49221 - During an upgrade the provided localhost name is + ignored + - Issue 49220 - Remote crash via crafted LDAP messages (SECURITY + FIX) + - Ticket 49184 - Overflow in memberof + - Ticket 48050 - Add account policy tests to plugins test suite + - Ticket 49207 - Supply docker POC build for DS. + - Issue 47662 - CLI args get removed + - Issue 49210 - Fix regression when checking is password min age + should be checked + - Ticket 48864 - Add cgroup memory limit detection to 389-ds + - Issue 48085 - Expand the repl acceptance test suite + - Ticket 49209 - Hang due to omitted replica lock release + - Ticket 48864 - Cleanup memory detection before we add cgroup + support + - Ticket 48864 - Cleanup up broken format macros and imports + - Ticket 49153 - Remove vacuum lock on transaction cleanup + - Ticket 49200 - provide minimal dse.ldif for python installer + - Issue 49205 - Fix logconv.pl man page + - Issue 49177 - Fix pkg-config file + - Issue 49035 - dbmon.sh shows pages-in-use that exceeds the + cache size + - Ticket 48432 - Linux capabilities on ns-slapd + - Ticket 49196 - Autotune generates crit messages + - Ticket 49194 - Lower default ioblock timeout + - Ticket 49193 - gcc7 warning fixes + - Issue 49039 - password min age should be ignored if password + needs to be reset + - Ticket 48989 - Re-implement lock counter + - Issue 49192 - Deleting suffix can hang server + - Issue 49156 - Modify token :assert: to :expectedresults: + - Ticket 48989 - missing return in counter + - Ticket 48989 - Improve counter overflow fix + - Ticket 49190 - Upgrade lfds to 7.1.1 + - Ticket 49187 - Fix attribute definition + - Ticket 49185 - Fix memleak in compute init + +------------------------------------------------------------------- +Fri Mar 24 13:42:40 UTC 2017 - mrueckert@suse.de + +- update to 1.3.6.3 + This release contains security and bug fixes and a few + enhancements. + - Issue 49177 - rpm would not create valid pkgconfig files(pt2) + - Issue 49186 - Fix NS to improve shutdown relability + - Issue 49174 - nunc-stans can not use negative timeout + - Issue 49076 - To debug DB_DEADLOCK condition, allow to reset + DB_TXN_NOWAIT flag on txn_begin + - Issue 49188 - retrocl can crash server at shutdown + - Issue 47840 - Add setup_ds test suite + - Fix srvcore version dependancy + - Issue 48989 - Overflow in counters and monitor + - Issue 49095 - targetattr wildcard evaluation is incorrectly + case sensitive + - Issue 49177 - rpm would not create valid pkgconfig files + - Issue 49176 - Remove tcmalloc restriction from s390x + - Issue 49157 - ds-logpipe.py crashes for non-existing users + - Issue 49065 - dbmon.sh fails if you have + nsslapd-require-secure-binds enabled + - Issue 49095 - Fix double-free in _cl5NewDBFile() error path + - Issue 49169 - Fix covscan errors(regression) + - Issue 49172 - Fix test schema files + - Issue 49171 - Nunc Stans incorrectly reports a timeout + - Issue 49169 - Fix covscan errors + - Issue 49164 - Change NS to acq-rel semantics for atomics + - Issue 49154 - Nunc Stans stress should assert it has 95% + success rate + - Issue 49165 - pw_verify did not handle external auth + - Issue 49062 - Reset agmt update staus and total init + - Issue 49151 - Remove defunct selinux policy +- add BR for autoconf, autotool, libtool as upstream doesn't ship + a prebuilt configure anymore +- import BR from nunc-stans as it is intree now: + libtevent-devel libtalloc-devel libevent-devel +- added BR for doxygen to build doxygen +- enable auto-dn-suffix feature + +------------------------------------------------------------------- +Mon Feb 20 12:49:23 UTC 2017 - mrueckert@suse.de + +- fix build on factory: libsystemd-* libs got merged into libsystemd. + +------------------------------------------------------------------- +Wed Dec 21 15:48:51 UTC 2016 - mrueckert@suse.de + +- update to 1.3.5.15 + - bz1358565 - Clear and unsalted password types are vulnerable to + timing attack (SECURITY FIX) + - Ticket 49016 - (un)register/migration/remove may fail if there + is no suffix on ‘userRoot’ backend + - Ticket 48328 - Add missing dependency + - Ticket 49009 - args debug logging must be more restrictive + - Ticket 49014 - ns-accountstatus.pl shows wrong status for + accounts inactivated by Account policy plugin + - Ticket 47703 - remove search limit for aci group evaluation + - Ticket 48909 - Replication stops working in FIPS mode +- changes in 1.3.5.14 + - Ticket 48992 - Total init may fail if the pushed schema is + rejected + - Ticket 48832 - Fix CI test suite for password min age + - Ticket 48983 - Configure and Makefile.in from new default paths + work. + - Ticket 48983 - Configure and Makefile.in from new default paths + work. + - Ticket 48983 - generate install path info from autotools + scripts + - Ticket 48944 - on a read only replica invalid state info can + accumulate + - Ticket 48766 - use a consumer maxcsn only as anchor if supplier + is more advanced + - Ticket 48921 - CI Replication stress tests have limits set too + low + - Ticket 48969 - nsslapd-auditfaillog always has an explicit path + - Ticket 48957 - Update repl-monitor to handle new status + messages + - Ticket 48832 - Fix CI tests + - Ticket 48975 - Disabling CLEAR password storage scheme will + crash server when setting a password + - Ticket 48369 - Add CI test suite + - Ticket 48970 - Serverside sorting crashes the server + - Ticket 48972 - remove old pwp code that adds/removes ACIs + - Ticket 48957 - set proper update status to replication + agreement in case of failure + - Ticket 48950 - Add systemd warning to the LD_PRELOAD example in + /etc/sysconfig/dirsrv + - provide backend dir in suffix template + - Ticket 48953 - Skip labelling and unlabelling ports during the + test + - Ticket 48967 - Add CI test and refactor test suite + - Ticket 48967 - passwordMinAge attribute doesn’t limit the + minimum age of the password + - Fix jenkins warnings about unused vars + - Ticket 48402 - v3 allow plugins to detect a restore or import + - Ticket #48969 - nsslapd-auditfaillog always has an explicit + path + - Ticket 48964 - cleanAllRUV changelog purging incorrectly + processes all backends + - Ticket 48965 - Fix building rpms using rpm.mk + - Ticket 48965 - Fix generation of the pre-release version + - Bugzilla 1368956 - man page of ns-accountstatus.pl shows + redundant entries for -p port option + - Ticket 48960 - Crash in import_wait_for_space_in_fifo(). + - Ticket 48832 - Fix more CI test failures + - Ticket 48958 - Audit fail log doesn’t work if audit log + disabled. + - Ticket 48956 - ns-accountstatus.pl showing “activated” user + even if it is inactivated + - Ticket 48954 - replication fails because anchorcsn cannot be + found + - Ticket 48832 - Fix CI tests failures from jenkins server + - Ticket 48950 - Change example in /etc/sysconfig/dirsrv to use + tcmalloc + +------------------------------------------------------------------- +Sat Nov 19 21:02:06 UTC 2016 - aj@ajaissle.de + +- New upstream release 1.3.4.14 + +------------------------------------------------------------------- +Mon Sep 5 13:13:06 UTC 2016 - mrueckert@suse.de + +- update to 1.3.5.13 + - CVE-2016-4992 389-ds-base: Information disclosure via repeated + use of LDAP ADD operation, etc. + - Ticket 47538 - Fix repl-monitor color and lag times + - Ticket 47538 - repl-monitor.pl legend not properly sorted + - Ticket 47538 - repl-monitor.pl not displaying correct color + code for lag time + - Ticket 47664 - Move CI test to the pr suite and refactor + - Ticket 47824 - Remove CI test from tickets and add logging + - Ticket 47911 - split out snmp agent into a subpackage + - Ticket 47976 - Add fixed CI test case + - Ticket 47982 - Fix log hr timestamps when invalid value is set + in cn=config + - Ticket 48109 - substring index with nssubstrbegin: 1 is not + being used with filters like (attr=x*) + - Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the + status of the directory server instance. + - Ticket 48191 - Move CI test to the pr suite and refactor + - Ticket 48234 - “matching rules” in ACI’s “bind rules not fully + evaluated + - Ticket 48234 - CI test: test case for ticket 48234 + - Ticket 48275 - search returns no entry when OR filter component + contains non readable attribute + - Ticket 48326 - Move CI test to config test suite and refactor + - Ticket 48336 - Missing semanage dependency + - Ticket 48336 - setup-ds should detect if port is already + defined + - Ticket 48346 - ldaputil code cleanup + - Ticket 48346 - log too verbose when re-acquiring expired ticket + - Ticket 48354 - Review of default ACI in the directory server + - Ticket 48363 - CI test - add test suite + - Ticket 48366 - proxyauth does not work bound as directory + manager + - Ticket 48404 - libslapd owned by libs and devel + - Ticket 48449 - Import readNSState from richm’s repo + - Ticket 48449 - Import readNSState.py from RichM’s repo + - Ticket 48450 - Add prestart work around for systemd ask + password + - Ticket 48450 - Autotools components for + ds_systemd_ask_password_acl + - Ticket 48617 - Coverity fixes + - Ticket 48636 - Fix config validation check + - Ticket 48636 - Improve replication convergence + - Ticket 48637 - DN cache is not always updated when ADD + operation fails + - Ticket 48743 - If a cipher is disabled do not attempt to look + it up + - Ticket 48745 - Matching Rule caseExactIA5Match indexes + incorrectly values with upper cases + - Ticket 48745 - Matching Rule caseExactIA5Match indexes + incorrectly values with upper cases + - Ticket 48747 - dirsrv service fails to start when + nsslapd-listenhost is configured + - Ticket 48752 - Page result search should return empty cookie if + there is no returned entry + - Ticket 48752 - Add CI test + - Ticket 48754 - ldclt should support -H + - Ticket 48755 - moving an entry could make the online init fail + - Ticket 48755 - CI test: test case for ticket 48755 + - Ticket 48766 - Replication changelog can incorrectly skip over + updates + - Ticket 48767 - flow control in replication also blocks + receiving results + - Ticket 48795 - Make various improvements to create_test.py + - Ticket 48799 - Test cases for objectClass values being dropped. + - Ticket 48815 - ns-accountstatus.pl - fix DN normalization + - Ticket 48832 - Fix timing and localhost issues + - Ticket 48832 - CI tests + - Ticket 48833 - 389 showing inconsistent values for shadowMax + and shadowWarning in 1.3.5.1 + - Ticket 48834 - Fix jenkins: discared qualifier on auditlog.c + - Ticket 48834 - Modifier’s name is not recorded in the audit log + with modrdn and moddn operations + - Ticket 48844 - Regression introduced in matching rules by DS + 48746 + - Ticket 48846 - 32 bit systems set low vmsize + - Ticket 48846 - Older kernels do not expose memavailable + - Ticket 48846 - Rlimit checks should detect RLIM_INFINITY + - Ticket 48848 - modrdn deleteoldrdn can fail to find old + attribute value, perhaps due to case folding + - Ticket 48849 - Systemd introduced incompatible changes that + breaks ds build + - Ticket 48850 - Correct memory leaks in pwdhash-bin and ns-slapd + - Ticket 48854 - Running db2index with no options breaks + replication + - Ticket 48855 - Add basic pwdPolicy tests + - Ticket 48858 - Segfault changing nsslapd-rootpw + - Ticket 48862 - At startup DES to AES password conversion causes + timeout in start script + - Ticket 48863 - remove check for vmsize from util_info_sys_pages + - Ticket 48870 - Correct plugin execution order due to changes in + exop + - Ticket 48872 - Fix segfault and use after free in plugin + shutdown + - Ticket 48873 - Backend should accept the reduced cache + allocation when issane == 1 + - Ticket 48877 - Fixes for RPM spec with spectool + - Ticket 48880 - adding pre/post extop ability + - Ticket 48882 - server can hang in connection list processing + - Ticket 48889 - ldclt - fix man page and usage info + - Ticket 48891 - ns-slapd crashes during the shutdown after + adding attribute with a matching rule + - Ticket 48892 - Wrong result code display in audit-failure log + - Ticket 48893 - cn=config should not have readable components to + anonymous + - Ticket 48895 - tests package should be noarch + - Ticket 48898 - Crash during shutdown if nunc-stans is enabled + - Ticket 48899 - Values of dbcachetries/dbcachehits in cn=monitor + could overflow. + - Ticket 48900 - Add connection perf stats to logconv.pl + - Ticket 48902 - Strdup pwdstoragescheme name to prevent + misbehaving plugins + - Ticket 48904 - syncrepl search returning error 329; plugin + sending a bad error code + - Ticket 48905 - coverity defects + - Ticket 48912 - ntUserNtPassword schema + - Ticket 48914 - db2bak.pl task enters infinitive loop when bak + fs is almost full + - Ticket 48916 - DNA Threshold set to 0 causes SIGFPE + - Ticket 48918 - Upgrade to 389-ds-base >= 1.3.5.5 doesn’t + install 389-ds-base-snmp + - Ticket 48919 - Compiler warnings while building 389-ds-base on + RHEL7 + - Ticket 48920 - Memory leak in pwdhash-bin + - Ticket 48921 - Adding replication and reliability tests + - Ticket 48922 - Fix crash when deleting backend while import is + running + - Ticket 48924 - Fixup tombstone task needs to set proper flag + when updating tombstones + - Ticket 48925 - slapd crash with SIGILL: Dsktune should detect + lack of CMPXCHG16B + - Ticket 48928 - log of page result cookie should log empty + cookie with a different value than 0 + - Ticket 48930 - Paged result search can hang the server + - Ticket 48934 - remove-ds.pl deletes an instance even if wrong + prefix was specified + - Ticket 48935 - Update dirsrv.systemd file + - Ticket 48936 - Duplicate collation entries + - Ticket 48939 - nsslapd-workingdir is empty when ns-slapd is + started by systemd + - Ticket 48940 - DS logs have warning:ancestorid not indexed + - Ticket 48943 - When fine-grained policy is applied, a sub-tree + has a priority over a user while changing password + - Ticket 48943 - Add CI Test for the password test suite + +------------------------------------------------------------------- +Wed Jun 29 13:11:38 UTC 2016 - mrueckert@suse.de + +- update to 1.3.5.4 + - Ticket 48836 - replication session fails because of permission + denied + - Ticket 48837 - Replication: total init aborted + - Ticket 48617 - Server ram checks work in isolation + - Ticket 48220 - The “repl-monitor” web page does not display + “year” in date. + - Ticket 48829 - Add gssapi sasl replication bind test + - Ticket 48497 - uncomment pytest from CI test + - Ticket 48828 - db2ldif is not taking into account multiple + suffixes or backends + - Ticket 48818 - Fix case where return code is always -1 + - Ticket 48826 - 52updateAESplugin.pl may fail on older versions + of perl + - Ticket 48825 - Configure make generate invalid makefile +- changes from 1.3.5.3 + - Ticket 47536 - Allow usage of OpenLDAP libraries that don’t use + NSS for crypto + - Ticket 47536 - CI test: added test cases for ticket 47536 + - Ticket 47840 - default instance scripts if undefined. + - Ticket 47888 - Add CI test + - Ticket 47888 - DES to AES password conversion fails if a + backend is empty + - Ticket 47951 - Fix startpid from altering dev/null + - Ticket 47968 - Disable journald logs by default + - Ticket 47982 - HR Log timers, regression fix for subsystem + logging + - Ticket 48078 - CI test - paged_results - TET part + - Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the + status of the directory server instance. + - Ticket 48269 - ns-accountstatus status message improvement + - Ticket 48342 - DNA: deadlock during DNA_EXTEND_EXOP_REQUEST_OID + - Ticket 48342 - DNA Deadlock test cases + - Ticket 48342 - Prevent transaction abort if a transaction has + not begun + - Ticket 48350 - Integrate ASAN into our rpm build process + - Ticket 48374 - entry cache locks not released in error + conditions + - Ticket 48410 - 389-ds-base - Unable to remove / unregister a DS + instance from admin server + - Ticket 48447 - with-initddir should accept no + - Ticket 48450 - Systemd password agent support + - Ticket 48492 - heap corruption at schema replication. + - Ticket 48597 - Deadlock when rebuilding the group of authorized + replication managers + - Ticket 48662 - db2index with no attribute args fail. + - Ticket 48710 - auto-dn-suffix unrecognized option + - Ticket 48769 - Fix white space in extendedop.c + - Ticket 48769 - RFE: Be_txn extended operation plugin type + - Ticket 48770 - Improve extended op plugin handling + - Ticket 48775 - If nsSSL3 is on, even if SSL v3 is not really + enabled, a confusing message is logged. + - Ticket 48779 - Remove startpidfile check in start-dirsrv + - Ticket 48781 - Vague error message: setup_ol_tls_conn - failed: + unable to create new TLS context + - Ticket 48782 - Make sure that when LDAP_OPT_X_TLS_NEWCTX is + set, the value is set to zero. + - Ticket 48783 - Fix ns-accountstatus.pl syntax error + - Ticket 48784 - CI test: added test cases for ticket 48784 + - Ticket 48784 - Make the SSL version set to the client library + configurable. + - Ticket 48798 - Enable DS to offer weaker DH params in NSS + - Ticket 48799 - objectclass values could be dropped on the + consumer + - Ticket 48800 - Cleaning up error buffers + - Ticket 48801 - ASAN errors during tests + - Ticket 48802 - Compilation warnings from clang + - Ticket 48808 - Add test case + - Ticket 48808 - Paged results search returns the blank list of + entries + - Ticket 48813 - password history is not updated when an admin + resets the password + - Ticket 48815 - ns-accountstatus.sh does handle DN’s with single + quotes + - Ticket 48818 - In docker, no one can hear your process hang. + - Ticket 48822 - (389-ds-base-1.3.5) Fixing coverity issues. + - Ticket 48824 - Cleanup rpm.mk and 389 specfile +- enable nunc-stans + +------------------------------------------------------------------- +Fri Apr 29 00:51:36 UTC 2016 - mrueckert@suse.de + +- should also define the username + +------------------------------------------------------------------- +Fri Apr 29 00:27:43 UTC 2016 - mrueckert@suse.de + +- fix building systemd stuff +- create user and home directory for it + +------------------------------------------------------------------- +Thu Apr 14 01:52:13 UTC 2016 - mrueckert@suse.de + +- limit gcc_security to TW. it enables compiler options not + supported on leap e.g. + +------------------------------------------------------------------- +Thu Apr 14 01:41:49 UTC 2016 - mrueckert@suse.de + +- enable more gcc security features +- enable selinux +- fix the systemd options to actually pass some variable and also + set the tmpfiles path + +------------------------------------------------------------------- +Thu Apr 14 01:23:51 UTC 2016 - mrueckert@suse.de + +- update to 1.3.5.1 + - Ticket 47982 - improve timestamp resolution in logs + - Ticket 48759 - no plugin calls in tombstone purging + - Ticket 48665 - Prevent sefault in + ldbm_instance_modify_config_entry + - Ticket 48757 - License tag does not match actual license of + code + - Ticket 48746 - Crash when indexing an attribute with a matching + rule + - Ticket 48497 - extended search without MR indexed attribute + prevents later indexing with that MR + - Ticket 48368 - Resolve the py.test conflicts with the + create_test.py issue + - Ticket 48748 - Fix memory_leaks test suite teardown failure + - Ticket 48383 - import tasks with dynamic buffer sizes + - Ticket 48420 - change severity of some messages related to + "keep alive" entries + - Ticket 48386 - Clean up dsktune code + - Ticket 48537 - undefined reference to `abstraction_increment' + - Ticket 48747 - dirsrv service fails to start when + nsslapd-listenhost is configured +- changes from 1.3.5.0 + - Ticket 132 - Makefile.am must include header files and + template scripts + - Ticket 142 - [RFE] Default password syntax settings don't + work with fine-grained policies + - Ticket 548 - RFE: Allow AD password sync to update + shadowLastChange + - Ticket 47788 - Only check postop result if its a replication + operation + - Ticket 47840 - add configure option to disable instance + specific scripts + - Ticket 47968 - [RFE] Send logs to journald + - Ticket 47977 - [RFE] Implement sd_notify mechanism + - Ticket 48016 - search, matching rules and filter error + "unsupported type 0xA9" + - Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the + status of the directory server instance. + - Ticket 48145 - RFE Add log file for rejected changes + - Ticket 48147 - Unable to enable DS service for auto start + - Ticket 48151 - Improve CleanAllRUV task logging + - Ticket 48218 - cleanAllRUV - modify the existing "force" option + to bypass the "replica online" checks + - Ticket 48244 - No validation check for the value for + nsslapd-db-locks. + - Ticket 48257 - Fix coverity issues - 08/24/2015 + - Ticket 48263 - allow plugins to detect tombstone operations + - Ticket 48269 - RFE: need an easy way to detect locked accounts + locked by inactivity. + - Ticket 48270 - fail to index an attribute with a specific + matching rule/48269 + - Ticket 48280 - enable logging of internal ops in the audit log + - Ticket 48285 - The dirsrv user/group should be created in rpm + %pre, and ideally with fixed uid/gid + - Ticket 48289 - 389-ds-base: ldclt-bin killed by SIGSEGV + - Ticket 48290 - No man page entry for - option '-u' of dbgen.pl + for adding group entries with uniquemembers + - Ticket 48294 - Linked Attributes plug-in - won't update links + after MODRDN operation + - Ticket 48295 - Entry cache is not rolled back -- Linked + Attributes plug-in - wrong behaviour when adding valid and + broken links + - Ticket 48311 - nunc-stans: Attempt to release connection that + is not acquired + - Ticket 48317 - SELinux port labeling retry attempts are + excessive + - Ticket 48326 - [RFE] it could be nice to have + nsslapd-maxbersize default to bigger than 2Mb + - Ticket 48350 - configure.ac add options for debbuging and + security analysis / hardening. + - Ticket 48351 - Fix buffer overflow error when reading url with + len 0 + - Ticket 48363 - Support for rfc3673 '+' to return operational + attributes + - Ticket 48369 - [RFE] response control for password age should + be sent by default by RHDS + - Ticket 48384 - Server startup should warn about values + consuming too much ram + - Ticket 48387 - ASAN invalid read in cos_cache.c + - Ticket 48394 - lower password history minimum to 1 + - Ticket 48395 - ASAN - Use after free in uiduniq 7bit.c + - Ticket 48398 - Coverity defect 13352 - Resource leak in + auditlog.c + - Ticket 48400 - ldclt - segmentation fault error while binding + - Ticket 48445 - keep alive entries can break replication + - Ticket 48446 - logconv.pl displays negative operation speeds + - Ticket 48566 - acl.c attrFilterArray maybe uninitialised. + - Ticket 48662 - db2index with no attribute args fail. + +------------------------------------------------------------------- +Tue Mar 1 16:39:06 UTC 2016 - claes.backstrom@opensuse.org + +- Update to new upstream release 1.3.4.8 + * Various bugs are fixed + +------------------------------------------------------------------- +Fri Nov 20 10:49:42 UTC 2015 - aj@ajaissle.de + +- Update to new upstream release 1.3.4.5 + * Various bugs are fixed + +------------------------------------------------------------------- +Mon Sep 14 08:50:01 UTC 2015 - hguo@suse.com + +- Upgrade from 1.3.3.13 to 1.3.4.4 with accumulated bugfixes. + +------------------------------------------------------------------- +Wed Sep 9 11:07:09 UTC 2015 - aj@ajaissle.de + +- Update to new upstream release 1.3.3.13 +- Removed 389-ds-1.3.3.11-CVE-2015-3230.patch (included upstream) + +------------------------------------------------------------------- +Wed Jun 17 09:38:48 UTC 2015 - aj@ajaissle.de + +- Update to new upstream release 1.3.3.11 +- Added 389-ds-1.3.3.11-CVE-2015-3230.patch: + nsSSL3Ciphers preference not enforced on server side + [boo#934934] [CVE-2015-3230] + +------------------------------------------------------------------- +Wed Apr 29 10:17:58 UTC 2015 - aj@ajaissle.de + +- Update to new upstream release 1.3.3.10 + * One important security bug was fixed: + Bug 1216203 - CVE-2015-1854 389ds-base: access control bypass with modrdn + +------------------------------------------------------------------- +Wed Apr 15 09:05:08 UTC 2015 - jengelh@inai.de + +- Simplify filelist + +------------------------------------------------------------------- +Mon Apr 13 19:30:00 UTC 2015 - aj@ajaissle.de + +- Move bin/ and sbin/ to /usr/lib/389-ds/bin resp. sbin/ +- Removed conflict with atheme + +------------------------------------------------------------------- +Sat Mar 28 10:34:43 UTC 2015 - aj@ajaissle.de + +- Update to new upstream release 1.3.3.9 + * Several bugs are fixed including 2 security bugs + Bug 1199675 - CVE-2014-8112 CVE-2014-8105 389-ds-base: various flaws [fedora-all] + Ticket 47431 - Duplicate values for the attribute nsslapd-pluginarg are not handled correctly + Ticket 47451 - dynamic plugins - fix crash caused by invalid plugin config + Ticket 47728 - compilation failed with ' incomplete struct/union/enum' if not set USE_POSIX_RWLOCKS + Ticket 47742 - 64bit problem on big endian: auth method not supported + Ticket 47801 - RHDS keeps on logging write_changelog_and_ruv: failed to update RUV for unknown + Ticket 47828 - DNA scope: allow to exlude some subtrees + Ticket 47836 - Do not return '0' as empty fallback value of nsds5replicalastupdatestart and nsds5replicalastupdatestart + Ticket 47901 - After total init, nsds5replicaLastInitStatus can report an erroneous error status (like 'Referral') + Ticket 47936 - Create a global lock to serialize write operations over several backends + Ticket 47957 - Make ReplicaWaitForAsyncResults configurable + Ticket 48001 - ns-activate.pl fails to activate account if it was disabled on AD + Ticket 48003 - add template scripts + Ticket 48003 - build "suite" framework + Ticket 48005 - ns-slapd crash in shutdown phase + Ticket 48021 - nsDS5ReplicaBindDNGroup checkinterval not working properly + Ticket 48027 - revise the rootdn plugin configuration validation + Ticket 48030 - spec file should run "systemctl stop" against each running instance instead of dirsrv.target + Ticket 48048 - Fix coverity issues - 2015/2/24 + Ticket 48048 - Fix coverity issues - 2015/3/1 + Ticket 48109 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) + +------------------------------------------------------------------- +Wed Dec 24 21:05:17 UTC 2014 - aj@ajaissle.de + +- Conflicts with atheme -- /usr/sbin/dbverify + +------------------------------------------------------------------- +Tue Dec 9 15:41:21 UTC 2014 - aj@ajaissle.de + +- Update to new upstream release 1.3.3.5 +* Several bugs are fixed. + +------------------------------------------------------------------- +Tue Sep 9 09:50:20 UTC 2014 - aj@ajaissle.de + +- Update to new upstream release 1.3.3.0 +* First cut of 389-ds-base-1.3.3.x + +------------------------------------------------------------------- +Fri Aug 29 10:38:51 UTC 2014 - aj@ajaissle.de + +- Update to new upstream release 1.3.2.23 +* Various bugs were fixed + +- Highlights since 1.3.2.16: +* Important bugs including memory leaks and crash bugs were fixed + (1.3.2.17) +* Various bugs were fixed (1.3.2.18) +* Various bugs were fixed (1.3.2.19) +* A security bug was fixed (1.3.2.22) + +------------------------------------------------------------------- +Thu Mar 27 12:20:23 UTC 2014 - aj@ajaissle.de + +- Update to new upstream release 1.3.2.16 +* Directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind +* Create a normalized dn cache +* Replication retry time attributes cannot be added +* Empty control list causes LDAP protocol error is thrown (dup 47361) +* Failed to compile the DS 389 1.3.2.3 version against Berkeley DB 4.2 version +* Windows Sync group issues +* Size returned by slapi_entry_size is not accurate +* Single valued attribute replicated ADD does not work +* Environment variables are not passed when DS is started via service +* Propagate plugin precedence to all registered function types +* Unresolved external symbol references break loading of the ACL plugin +* Package issue in 389-ds-base + +- Fix unresolveable 'Requires:' +* perl(Mozilla:LDAP) -> perl(Mozilla::LDAP::API), perl(Mozilla::LDAP::Conn), + perl(Mozilla::LDAP::Entry), perl(Mozilla::LDAP::LDIF), perl(Mozilla::LDAP::Utils) +* cyrus-sasl-md5 -> cyrus-sasl-digestmd5 + +- Macros for dirsrv-snmp in pre/post/preun/postun + +------------------------------------------------------------------- +Mon Feb 17 08:59:04 UTC 2014 - aj@ajaissle.de + +- Update to new upstream release 1.3.2.11 +* Enhancement: ACL supports new keyword SELFDN as in " = + #SELFDN" to allow users to create entries assigned to + themselves. Also handling subtype in ACL is improved. +* A dozen of bugs are fixed including a crash bug and a deadlock. + +- Spec cleanup +* enable init scripts for openSUSE < 1220 (e.g. SLES) +* dirsrv.target.wants goes into unitdir +* Added a 389-ds-rpmlintrc + +- Added 389-ds-base-1.3.2.11_init_fhs.patch +* Make init scripts LSB conform + +------------------------------------------------------------------- +Fri Dec 27 02:28:55 UTC 2013 - jengelh@inai.de + +- Update to new upstream release 1.3.2.10 +* Suffixes used in the memberof and referential integrity plug-ins + are now configurable. +* The hard-coded limit of 64 masters was removed. +* Enhancements: plug-in library path validation, replication + logging, changelog trimming interval, and referential integrity. + +------------------------------------------------------------------- +Fri Aug 2 10:05:12 UTC 2013 - jengelh@inai.de + +- Update to new upstream release 1.3.1.5 +* Plug-in transaction support +* Normalized DN cache +* Configurable allowed SASL mechanisms +* SASL mapping improvements +* Configurable SASL buffer +* Replication retry settings +* Instance script improvements +* Access log analyzer improvements +* Performance improvements + +------------------------------------------------------------------- +Mon Mar 11 11:47:45 UTC 2013 - jengelh@inai.de + +- Update to new upstream release 1.3.0.3 +* No NEWS file available; SCM changelog entries at + http://port389.org/wiki/Releases/1.3.0.2#New_features_.2F_Fixed_bugs_in_1.3.0 + +------------------------------------------------------------------- +Wed Sep 26 11:06:01 UTC 2012 - jengelh@inai.de + +- Update to new upstream release 1.2.11.15 +* This is a bugfix release to CLEANALLRUV, userpassword, + schema reloading and others. + +------------------------------------------------------------------- +Mon Sep 17 09:26:12 UTC 2012 - jengelh@inai.de + +- Initial package (version 1.2.11.12) for build.opensuse.org diff --git a/389-ds.spec b/389-ds.spec new file mode 100644 index 0000000..56a0f8b --- /dev/null +++ b/389-ds.spec @@ -0,0 +1,547 @@ +# +# spec file for package 389-ds +# +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +# bcond is confusingly backwards to what you expect - without means +# to ENABLE the option, with means to DISABLE it. +%if (0%{is_opensuse} > 0) || (0%{?sle_version} > 150100) +%bcond_without lib389 +# Temporarily disable rust due to a broken library. +%bcond_with rust +%else +%bcond_with lib389 +%bcond_with rust +%endif + +%define use_python python3 +%define skip_python2 1 +%{?!python_module:%define python_module() python-%{**} python3-%{**}} + +# Home directory +%global pkgname dirsrv +%global groupname %{pkgname}.target + +%define homedir %{_localstatedir}/lib/dirsrv +%define logdir %{_localstatedir}/log/dirsrv +%define lockdir %{_localstatedir}/lock/dirsrv +# User and group name that own the home directory +%define user_group dirsrv +%ifnarch s390x s390 ppc64 ppc64le +%global use_tcmalloc 1 +%else +%global use_tcmalloc 0 +%endif +%define svrcorelib libsvrcore0 + +Name: 389-ds +Version: 1.4.1.6~git0.5ac5a8aad +Release: 0 +Summary: 389 Directory Server +License: GPL-3.0-or-later AND MPL-2.0 +Group: Productivity/Networking/LDAP/Servers +Url: https://pagure.io/389-ds-base +Source: 389-ds-base-%{version}.tar.bz2 +Source1: extra-schema.tgz +Source2: LICENSE.openldap +Source9: %{name}-rpmlintrc +# 389-ds does not support i686 +ExcludeArch: %ix86 +BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: cracklib-devel +BuildRequires: cyrus-sasl-devel +BuildRequires: db-devel >= 4.5 +BuildRequires: doxygen +BuildRequires: gcc-c++ +BuildRequires: gdb +BuildRequires: krb5-devel +BuildRequires: libcmocka-devel +BuildRequires: libevent-devel +BuildRequires: libtalloc-devel +BuildRequires: libtevent-devel +BuildRequires: libtool +# net-snmp-devel is needed to build the snmp ldap-agent +BuildRequires: net-snmp-devel >= 5.1.2 +BuildRequires: openldap2-devel +# pam-devel is required by the pam passthru auth plug-in +BuildRequires: %{python_module devel} +BuildRequires: %{python_module setuptools} +%if %{with lib389} +BuildRequires: %{python_module argcomplete} +BuildRequires: %{python_module argparse-manpage} +BuildRequires: %{python_module ldap >= 3} +BuildRequires: %{python_module pyasn1-modules} +BuildRequires: %{python_module pyasn1} +BuildRequires: %{python_module python-dateutil} +BuildRequires: %{python_module six} +%endif +BuildRequires: pam-devel +BuildRequires: pkgconfig +BuildRequires: python-rpm-macros +BuildRequires: pkgconfig(icu-i18n) +BuildRequires: pkgconfig(icu-uc) +BuildRequires: pkgconfig(libcap) +BuildRequires: pkgconfig(libpcre) +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(nspr) +BuildRequires: pkgconfig(nss) +BuildRequires: pkgconfig(systemd) +%if %{use_tcmalloc} +BuildRequires: pkgconfig(libtcmalloc) +%endif +BuildRequires: rsync +%if %{with rust} +BuildRequires: cargo +BuildRequires: rust +%endif +Requires: %{_sbindir}/service +Requires: acl +# This is a requirement as it's the only known "safe" method of +# plaintext password authentication to ldap, beside the use of +# ldaps. +Requires: cyrus-sasl-plain +Requires: db-utils +%if %{with lib389} +Requires: lib389 = %{version} +%else +Requires: bind-utils +Requires: perl(Mozilla::LDAP::API) +Requires: perl(Mozilla::LDAP::Conn) +Requires: perl(Mozilla::LDAP::Entry) +Requires: perl(Mozilla::LDAP::LDIF) +Requires: perl(Mozilla::LDAP::Utils) +Requires: perl(NetAddr::IP) +Requires: perl(Socket6) +%endif +# Needed for creating the ccache and some GSSAPI steps in sasl +Requires: krb5 +# 389-ds does not directly require gssapi, but it is needed for +# ldap gssapi auth, so we recommend it. +# This used to be a requirement, but it's actually optional. +Recommends: cyrus-sasl-gssapi +# This is required by rfc2831, however it's also horribly insecure +# and requires insecure password storage. We really should remove +# it. +Recommends: cyrus-sasl-digestmd5 + +Requires(post): fillup +Requires(pre): shadow +PreReq: permissions +Obsoletes: 389-ds-base < %{version}-%{release} +Provides: 389-ds-base = %{version}-%{release} +%{?systemd_requires} + +%description +389 Directory Server is a full-featured LDAPv3 compliant server. In +addition to the standard LDAPv3 operations, it supports multi-master +replication, fully online configuration and administration, chaining, +virtual attributes, access control directives in the data, Virtual +List View, server-side sorting, SASL, TLS/SSL, and many other +features. (The server started out as Netscape Directory Server.) + +%package devel +Summary: Development files for the 389 Directory Server +License: GPL-3.0-or-later AND MPL-2.0 +Group: Development/Libraries/C and C++ +Provides: svrcore-devel = 4.1.4 +Obsoletes: svrcore-devel < 4.1.4 +Requires: %{name} = %{version} +Requires: %{svrcorelib} = %{version} +Requires: libevent-devel +Requires: openldap2-devel +Requires: pkgconfig +Requires: pkgconfig(nspr) +Requires: pkgconfig(nss) +Requires: pkgconfig(systemd) + +%description devel +389 Directory Server is a full-featured LDAPv3 compliant server. In +addition to the standard LDAPv3 operations, it supports multi-master +replication, fully online configuration and administration, chaining, +virtual attributes, access control directives in the data, Virtual +List View, server-side sorting, SASL, TLS/SSL, and many other +features. + +This package contains the development files for 389DS. + +%package snmp +Summary: SNMP Agent for 389 Directory Server +License: GPL-3.0-or-later AND MPL-2.0 +Group: System/Daemons +Requires: %{name} = %{version} + +Obsoletes: %{name} <= 1.3.6.2 + +%description snmp +SNMP Agent for the 389 Directory Server base package. + +%if %{with lib389} +%package -n lib389 +Summary: 389 Directory Server administration tools and library +License: GPL-3.0-or-later AND MPL-2.0 +Group: Development/Languages/Python +Requires: %{use_python}-argcomplete +Requires: %{use_python}-argparse-manpage +Requires: %{use_python}-ldap >= 3.0 +Requires: %{use_python}-pyasn1 +Requires: %{use_python}-pyasn1-modules +Requires: %{use_python}-python-dateutil +Requires: %{use_python}-six +Requires: krb5-client +Requires: mozilla-nss-tools +# We recommend this here as a supplementary tool for ldap +# server interaction, but it's in no way required. +Recommends: openldap2-client +# These are recommended if you have selinux on your system +# to allow some supplementary automated interactions during +# setup, but it's not required. +Recommends: python3-selinux +Recommends: python3-policycoreutils + +Provides: python3-lib389 = %{version}-%{release} +Obsoletes: python-lib389 < %{version}-%{release} +Obsoletes: python3-lib389 < %{version}-%{release} + +%description -n lib389 +Python library for interacting with and administering 389 +Directory Server instances locally or remotely. +%endif + +%package -n %{svrcorelib} +Summary: Secure PIN handling using NSS crypto +License: MPL-2.0 +Group: System/Libraries + +%description -n %{svrcorelib} +svrcore provides applications with several ways to handle secure PIN storage +e.g. in an application that must be restarted, but needs the PIN to unlock +the private key and other crypto material, without user intervention. svrcore +uses the facilities provided by NSS. + +%prep +%setup -q -a 1 -n %{name}-base-%{version} + +%build +# Make sure python3 is used in shebangs +# FIX ME!! This should be fixed in the source code !!! +sed -r -i '1s|^#!\s*%{_bindir}.*python.*|#!%{_bindir}/%{use_python}|' ldap/admin/src/scripts/{*.py,ds-replcheck} src/lib389/cli/ds* + +# TODO: +# seems to have no effect --enable-perl \ +# warning that it might lead to instabilities --with-journald \ +touch docs/custom.css +autoreconf -fi +export CFLAGS="%{optflags}" # -std=gnu99" +%configure \ + %if 0%{?suse_version} >= 1330 + --enable-gcc-security \ + %endif + --enable-autobind \ + --enable-auto-dn-suffix \ + --with-openldap \ + --enable-cmocka \ + %if %{use_tcmalloc} + --enable-tcmalloc \ + %endif + --with-selinux \ + %if %{with rust} + --enable-rust \ + %endif + %if %{with lib389} + --disable-perl \ + %else + --enable-perl \ + --with-perldir=%{_bindir} \ + %endif + --libexecdir=%{_prefix}/lib/dirsrv/ \ + --with-pythonexec="%{_bindir}/%{use_python}" \ + --with-systemd \ + --with-systemdgroupname=%{groupname} \ + --with-systemdsystemunitdir="%{_unitdir}" \ + --with-systemdsystemconfdir="%{_sysconfdir}/systemd/system" \ + --with-tmpfiles-d="%{_tmpfilesdir}" \ + --with-systemdgroupname=dirsrv.target \ + +export XCFLAGS="$CFLAGS" +make %{?_smp_mflags} +#make setup.py +%if %{with lib389} +pushd src/lib389 +%python_build +popd +%endif + +%install +%make_install +%if %{with lib389} +pushd src/lib389 +%python_install +popd +%endif + +cp -r man/man3 %{buildroot}%{_mandir}/man3 + +install -D -d -m 0750 %{buildroot}%{homedir} +mkdir -p %{buildroot}%{logdir} +mkdir -p %{buildroot}%{homedir} +mkdir -p %{buildroot}%{lockdir} + +#remove libtool archives and static libs +find %{buildroot} -type f -name "*.la" -delete -print + +# make sure perl scripts have a proper shebang +%if ! %{with lib389} +sed -i -e 's|#{{PERL-EXEC}}|#!%{_bindir}/perl|' %{buildroot}%{_datadir}/%{pkgname}/script-templates/template-*.pl +%endif + +# install extra schema files +cp -R extra-schema "%{buildroot}/%{_datadir}/dirsrv/" + +# bring OpenLDAP copyright notice here because it is referenced by several extra schema files +cp %{SOURCE2} ./ + +rm -rv %{buildroot}/usr/share/cockpit/ +rm -rv %{buildroot}/usr/share/metainfo/389-console/ +mv src/svrcore/README{,.svrcore} +mv src/svrcore/LICENSE{,.svrcore} + +%pre +if ! getent group %{user_group} >/dev/null; then + %{_sbindir}/groupadd -f -r %{user_group} +fi +if ! getent passwd %{user_group} >/dev/null; then + %{_sbindir}/useradd -r -g %{user_group} -s /sbin/nologin -r -d %{homedir} -c "User for 389 directory server" %{user_group} +fi + +%post +%fillup_only -n dirsrv +%set_permissions %{_sbindir}/ns-slapd + +%verifyscript +%verify_permissions -e %{_sbindir}/ns-slapd + +%postun +output=/dev/null +# reload to pick up any changes to systemd files +/bin/systemctl daemon-reload >$output 2>&1 || : +# reload to pick up any shared lib changes +%fillup_only -n dirsrv +%fillup_only -n dirsrv.systemd +exit 0 + +%preun +%service_del_preun %{pkgname}.target + +%pre snmp +%service_add_pre dirsrv-snmp.service + +%post snmp +%service_add_post %{pkgname}-snmp.service + +%preun snmp +%service_del_preun %{pkgname}-snmp.service + +%postun snmp +%service_del_postun %{pkgname}-snmp.service + +%post -n %{svrcorelib} -p /sbin/ldconfig + +%postun -n %{svrcorelib} -p /sbin/ldconfig + +%files +%defattr(-,root,root) +%doc README* +%license LICENSE LICENSE.openldap +%dir %attr(-,%{user_group},%{user_group}) %{homedir} +%dir %attr(-,%{user_group},%{user_group}) %{logdir} +%config(noreplace) %{_sysconfdir}/dirsrv/config/* +%config(noreplace) %{_sysconfdir}/dirsrv/schema/* +%{_datadir}/dirsrv +%dir %{_libdir}/dirsrv +%dir %{_libdir}/dirsrv/* +%dir %{_sysconfdir}/dirsrv +%dir %{_sysconfdir}/dirsrv/config +%dir %{_sysconfdir}/dirsrv/schema +%{_libdir}/dirsrv/libns-dshttpd-*.so +%if ! %{with lib389} +%{_libdir}/dirsrv/perl/*.pm +%endif +%{_libdir}/dirsrv/plugins/*.so +%{_libdir}/dirsrv/python/*.py +%{_libdir}/dirsrv/*.so.* +%if %{with rust} +%{_libdir}/dirsrv/librsds.so +%endif +%exclude %{_mandir}/man1/ldap-agent* +%{_mandir}/man1/* +%{_mandir}/man5/* +%if %{with lib389} +%{_mandir}/man8/ns-slapd.8.gz +# With lib389 we don't package all the man pages for deprecated commands. Upstream needs to remove +# these from the build with --disable-perl flag set. +# These are excluded now +%exclude %{_mandir}/man8/bak2db.8.gz +%exclude %{_mandir}/man8/bak2db.pl.8.gz +%exclude %{_mandir}/man8/cleanallruv.pl.8.gz +%exclude %{_mandir}/man8/db2bak.8.gz +%exclude %{_mandir}/man8/db2bak.pl.8.gz +%exclude %{_mandir}/man8/db2index.8.gz +%exclude %{_mandir}/man8/db2index.pl.8.gz +%exclude %{_mandir}/man8/db2ldif.8.gz +%exclude %{_mandir}/man8/db2ldif.pl.8.gz +%exclude %{_mandir}/man8/dbmon.sh.8.gz +%exclude %{_mandir}/man8/dbverify.8.gz +%exclude %{_mandir}/man8/dn2rdn.8.gz +%exclude %{_mandir}/man8/fixup-linkedattrs.pl.8.gz +%exclude %{_mandir}/man8/fixup-memberof.pl.8.gz +%exclude %{_mandir}/man8/ldif2db.8.gz +%exclude %{_mandir}/man8/ldif2db.pl.8.gz +%exclude %{_mandir}/man8/ldif2ldap.8.gz +%exclude %{_mandir}/man8/migrate-ds.pl.8.gz +%exclude %{_mandir}/man8/monitor.8.gz +%exclude %{_mandir}/man8/ns-accountstatus.pl.8.gz +%exclude %{_mandir}/man8/ns-activate.pl.8.gz +%exclude %{_mandir}/man8/ns-inactivate.pl.8.gz +%exclude %{_mandir}/man8/ns-newpwpolicy.pl.8.gz +%exclude %{_mandir}/man8/remove-ds.pl.8.gz +%exclude %{_mandir}/man8/restart-dirsrv.8.gz +%exclude %{_mandir}/man8/restoreconfig.8.gz +%exclude %{_mandir}/man8/saveconfig.8.gz +%exclude %{_mandir}/man8/schema-reload.pl.8.gz +%exclude %{_mandir}/man8/setup-ds.pl.8.gz +%exclude %{_mandir}/man8/start-dirsrv.8.gz +%exclude %{_mandir}/man8/status-dirsrv.8.gz +%exclude %{_mandir}/man8/stop-dirsrv.8.gz +%exclude %{_mandir}/man8/suffix2instance.8.gz +%exclude %{_mandir}/man8/syntax-validate.pl.8.gz +%exclude %{_mandir}/man8/upgradedb.8.gz +%exclude %{_mandir}/man8/upgradednformat.8.gz +%exclude %{_mandir}/man8/usn-tombstone-cleanup.pl.8.gz +%exclude %{_mandir}/man8/verify-db.pl.8.gz +%exclude %{_mandir}/man8/vlvindex.8.gz +%else +%{_mandir}/man8/* +%endif +%{_bindir}/* +# TODO: audit bug running https://bugzilla.opensuse.org/show_bug.cgi?id=1111564 +# This also needs a lot more work on the service file +#attr(750,root,dirsrv) #caps(CAP_NET_BIND_SERVICE=pe) #{_sbindir}/ns-slapd +%verify(not caps) %attr(755,root,dirsrv) %{_sbindir}/ns-slapd +%if ! %{with lib389} +%{_sbindir}/bak2db +%{_sbindir}/bak2db.pl +%{_sbindir}/cleanallruv.pl +%{_sbindir}/db2bak +%{_sbindir}/db2bak.pl +%{_sbindir}/db2index +%{_sbindir}/db2index.pl +%{_sbindir}/db2ldif +%{_sbindir}/db2ldif.pl +%{_sbindir}/dbmon.sh +%{_sbindir}/dbverify +%{_sbindir}/dn2rdn +%{_sbindir}/fixup-linkedattrs.pl +%{_sbindir}/fixup-memberof.pl +%{_sbindir}/ldif2db +%{_sbindir}/ldif2db.pl +%{_sbindir}/ldif2ldap +%{_sbindir}/migrate-ds.pl +%{_sbindir}/monitor +%{_sbindir}/ns-accountstatus.pl +%{_sbindir}/ns-activate.pl +%{_sbindir}/ns-inactivate.pl +%{_sbindir}/ns-newpwpolicy.pl +%{_sbindir}/remove-ds.pl +%{_sbindir}/restart-dirsrv +%{_sbindir}/restoreconfig +%{_sbindir}/saveconfig +%{_sbindir}/schema-reload.pl +%{_sbindir}/setup-ds.pl +%{_sbindir}/start-dirsrv +%{_sbindir}/status-dirsrv +%{_sbindir}/stop-dirsrv +%{_sbindir}/suffix2instance +%{_sbindir}/syntax-validate.pl +%{_sbindir}/upgradedb +%{_sbindir}/upgradednformat +%{_sbindir}/usn-tombstone-cleanup.pl +%{_sbindir}/verify-db.pl +%{_sbindir}/vlvindex +%endif +%{_unitdir}/dirsrv@.service +%{_unitdir}/dirsrv.target +%exclude %{_unitdir}/dirsrv@.service.d/custom.conf +%{_prefix}/lib/dirsrv/ +# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but +# sysctl.d is always in /lib. +%{_prefix}/lib/sysctl.d/* +%dir %{_datadir}/gdb/auto-load/usr/sbin/ +%{_datadir}/gdb/auto-load/usr/sbin/ns-slapd-gdb.py + +%files devel +%defattr(-,root,root) +%doc README* +%doc src/svrcore/README.svrcore +%license LICENSE +%license src/svrcore/LICENSE.svrcore +%{_mandir}/man3/* +%{_includedir}/dirsrv +%{_includedir}/svrcore.h +%{_libdir}/libsvrcore.so +%{_libdir}/dirsrv/libns-dshttpd.so +%{_libdir}/dirsrv/libnunc-stans.so +%{_libdir}/dirsrv/libsds.so +%{_libdir}/dirsrv/libslapd.so +%{_libdir}/dirsrv/libldaputil.so +%{_libdir}/pkgconfig/dirsrv.pc +%{_libdir}/pkgconfig/libsds.pc +%{_libdir}/pkgconfig/nunc-stans.pc +%{_libdir}/pkgconfig/svrcore.pc + +%files -n %{svrcorelib} +%defattr(-,root,root,-) +%license src/svrcore/LICENSE* +%{_libdir}/libsvrcore.so.* + +%files snmp +%defattr(-,root,root,-) +%license LICENSE LICENSE.GPLv3+ LICENSE.openssl +# TODO: README.devel +%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf +%{_sbindir}/ldap-agent* +%{_mandir}/man1/ldap-agent.1* +%{_unitdir}/%{pkgname}-snmp.service + +%if %{with lib389} +%files -n lib389 +%defattr(-,root,root,-) +%license src/lib389/LICENSE +%doc src/lib389/README* +%{_sbindir}/dsconf +%{_sbindir}/dscreate +%{_sbindir}/dscontainer +%{_sbindir}/dsctl +%{_sbindir}/dsidm +%{_mandir}/man8/dsconf.8.gz +%{_mandir}/man8/dscreate.8.gz +%{_mandir}/man8/dsctl.8.gz +%{_mandir}/man8/dsidm.8.gz +/usr/lib/python*/site-packages/lib389* +%endif + +%changelog diff --git a/LICENSE.openldap b/LICENSE.openldap new file mode 100644 index 0000000..05ad757 --- /dev/null +++ b/LICENSE.openldap @@ -0,0 +1,47 @@ +The OpenLDAP Public License + Version 2.8, 17 August 2003 + +Redistribution and use of this software and associated documentation +("Software"), with or without modification, are permitted provided +that the following conditions are met: + +1. Redistributions in source form must retain copyright statements + and notices, + +2. Redistributions in binary form must reproduce applicable copyright + statements and notices, this list of conditions, and the following + disclaimer in the documentation and/or other materials provided + with the distribution, and + +3. Redistributions must contain a verbatim copy of this document. + +The OpenLDAP Foundation may revise this license from time to time. +Each revision is distinguished by a version number. You may use +this Software under terms of this license revision or under the +terms of any subsequent revision of the license. + +THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS +CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT +SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) +OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +The names of the authors and copyright holders must not be used in +advertising or otherwise to promote the sale, use or other dealing +in this Software without specific, written prior permission. Title +to copyright in this Software shall at all times remain with copyright +holders. + +OpenLDAP is a registered trademark of the OpenLDAP Foundation. + +Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, +California, USA. All Rights Reserved. Permission to copy and +distribute verbatim copies of this document is granted. diff --git a/_service b/_service new file mode 100644 index 0000000..ab4843f --- /dev/null +++ b/_service @@ -0,0 +1,28 @@ + + + + + https://pagure.io/389-ds-base.git + @PARENT_TAG@~git@TAG_OFFSET@.%h + git + + 389-ds-base-1.4.1.6 + + 389-ds-base-1.4.1.6 + + 389dsbase(.*) + \1 + + enable + + 389-ds-maintainer@suse.de + + + + *.tar + bz2 + + + + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..5a84528 --- /dev/null +++ b/_servicedata @@ -0,0 +1,4 @@ + + + https://pagure.io/389-ds-base.git + 5ac5a8aadd42551ea0389907fd286b7d60157685 \ No newline at end of file