ba46c7
ba46c7
%global pkgname   dirsrv
ba46c7
# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release
ba46c7
# also remove the space between % and global - this space is needed because
ba46c7
# fedpkg verrel stupidly ignores comment lines
ba46c7
#% global prerel .rc3
ba46c7
# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
ba46c7
#% global relprefix 0.
ba46c7
ba46c7
%global use_openldap 1
ba46c7
%global use_db4 0
ba46c7
# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
ba46c7
%global use_Socket6 0
a2f18f
# nunc-stans only builds on x86_64 for now
a2f18f
%ifarch x86_64
7c7f29
# To build without nunc-stans, set use_nunc_stans to 0.
a2f18f
%global use_nunc_stans 1
a2f18f
%else
a2f18f
%global use_nunc_stans 0
a2f18f
%endif 
a2f18f
7c7f29
%global nunc_stans_ver 0.1.8
ba46c7
ba46c7
# fedora 15 and later uses tmpfiles.d
ba46c7
# otherwise, comment this out
ba46c7
%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}
ba46c7
ba46c7
# systemd support
ba46c7
%global groupname %{pkgname}.target
ba46c7
ba46c7
# set PIE flag
ba46c7
%global _hardened_build 1
ba46c7
ba46c7
Summary:          389 Directory Server (base)
ba46c7
Name:             389-ds-base
7c7f29
Version:          1.3.5.10
b7d5c1
Release:          %{?relprefix}21%{?prerel}%{?dist}
3fe9c0
License:          GPLv3+
723150
URL:              https://www.port389.org/
ba46c7
Group:            System Environment/Daemons
ba46c7
BuildRoot:        %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
ba46c7
Obsoletes:        %{name}-selinux
ba46c7
Conflicts:        selinux-policy-base < 3.9.8
ba46c7
Requires:         %{name}-libs = %{version}-%{release}
ba46c7
Provides:         ldif2ldbm 
ba46c7
ba46c7
BuildRequires:    nspr-devel
ba46c7
BuildRequires:    nss-devel
7c7f29
BuildRequires:    svrcore-devel >= 4.1.2
ba46c7
%if %{use_openldap}
ba46c7
BuildRequires:    openldap-devel
ba46c7
%else
ba46c7
BuildRequires:    mozldap-devel
ba46c7
%endif
ba46c7
%if %{use_db4}
ba46c7
BuildRequires:    db4-devel
ba46c7
%else
ba46c7
BuildRequires:    libdb-devel
ba46c7
%endif
ba46c7
BuildRequires:    cyrus-sasl-devel
ba46c7
BuildRequires:    icu
ba46c7
BuildRequires:    libicu-devel
ba46c7
BuildRequires:    pcre-devel
ba46c7
BuildRequires:    gcc-c++
ba46c7
# The following are needed to build the snmp ldap-agent
ba46c7
BuildRequires:    net-snmp-devel
ba46c7
%ifnarch sparc sparc64 ppc ppc64 s390 s390x
ba46c7
BuildRequires:    lm_sensors-devel
ba46c7
%endif
ba46c7
BuildRequires:    bzip2-devel
ba46c7
BuildRequires:    zlib-devel
ba46c7
BuildRequires:    openssl-devel
ba46c7
BuildRequires:    tcp_wrappers
ba46c7
# the following is for the pam passthru auth plug-in
ba46c7
BuildRequires:    pam-devel
ba46c7
BuildRequires:    systemd-units
7c7f29
BuildRequires:    systemd-devel
ba46c7
ba46c7
# this is needed for using semanage from our setup scripts
ba46c7
Requires:         policycoreutils-python
7c7f29
Requires:         /usr/sbin/semanage
7c7f29
Requires:         libsemanage-python 
ba46c7
ba46c7
# the following are needed for some of our scripts
ba46c7
%if %{use_openldap}
ba46c7
Requires:         openldap-clients
ba46c7
%else
ba46c7
Requires:         mozldap-tools
ba46c7
%endif
ba46c7
# use_openldap assumes perl-Mozilla-LDAP is built with openldap support
ba46c7
Requires:         perl-Mozilla-LDAP
ba46c7
ba46c7
# this is needed to setup SSL if you are not using the
ba46c7
# administration server package
ba46c7
Requires:         nss-tools
ba46c7
ba46c7
# these are not found by the auto-dependency method
ba46c7
# they are required to support the mandatory LDAP SASL mechs
ba46c7
Requires:         cyrus-sasl-gssapi
ba46c7
Requires:         cyrus-sasl-md5
ba46c7
ba46c7
# this is needed for verify-db.pl
ba46c7
%if %{use_db4}
ba46c7
Requires:         db4-utils
ba46c7
%else
ba46c7
Requires:         libdb-utils
ba46c7
%endif
ba46c7
ba46c7
# This picks up libperl.so as a Requires, so we add this versioned one
ba46c7
Requires:         perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
ba46c7
ba46c7
# for the init script
ba46c7
Requires(post):   systemd-units
ba46c7
Requires(preun):  systemd-units
ba46c7
Requires(postun): systemd-units
ba46c7
95b556
# for setup-ds.pl
95b556
Requires:         bind-utils
95b556
ba46c7
# for setup-ds.pl to support ipv6 
ba46c7
%if %{use_Socket6}
ba46c7
Requires:         perl-Socket6
7c7f29
%else 
7c7f29
Requires:         perl-Socket
ba46c7
%endif
ba46c7
Requires:         perl-NetAddr-IP
7c7f29
Requires:         systemd-libs
7c7f29
Requires:         svrcore >= 4.1.2
ba46c7
7c7f29
# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
7c7f29
Obsoletes:        %{name} <= 1.3.5.4
7c7f29
7c7f29
Source0:          https://port389.org/binaries/%{name}-%{version}%{?prerel}.tar.bz2
ba46c7
# 389-ds-git.sh should be used to generate the source tarball from git
ba46c7
Source1:          %{name}-git.sh
ba46c7
Source2:          %{name}-devel.README
a2f18f
Source3:          https://git.fedorahosted.org/cgit/nunc-stans.git/snapshot/nunc-stans-%{nunc_stans_ver}.tar.bz2
7c7f29
Patch0:           0000-Ticket-48743-If-a-cipher-is-disabled-do-not-attempt-.patch
7c7f29
Patch1:           0001-Ticket-48755-moving-an-entry-could-make-the-online-i.patch
7c7f29
Patch2:           0002-Ticket-48914-db2bak.pl-task-enters-infinitive-loop-w.patch
7c7f29
Patch3:           0003-Ticket-48918-Upgrade-to-389-ds-base-1.3.5.5-doesn-t-.patch
7c7f29
Patch4:           0004-Ticket-48916-DNA-Threshold-set-to-0-causes-SIGFPE.patch
7c7f29
Patch5:           0005-Ticket-48144-Add-usr-sbin-status-dirsrv-script-to-ge.patch
7c7f29
Patch6:           0006-Ticket-48767-flow-control-in-replication-also-blocks.patch
7c7f29
Patch7:           0007-Ticket-48922-Fix-crash-when-deleting-backend-while-i.patch
7c7f29
Patch8:           0008-Ticket-48924-Fixup-tombstone-task-needs-to-set-prope.patch
7c7f29
Patch9:           0009-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
7c7f29
Patch10:          0010-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
7c7f29
Patch11:          0011-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
7c7f29
Patch12:          0012-Bug-1347760-CI-test-test-case-for-bug-1347760.patch
7c7f29
Patch13:          0013-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch
7c7f29
Patch14:          0014-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch
7c7f29
Patch15:          0015-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
7c7f29
Patch16:          0016-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
7c7f29
Patch17:          0017-Ticket-48928-log-of-page-result-cookie-should-log-em.patch
7c7f29
Patch18:          0018-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch
7c7f29
Patch19:          0019-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch
7c7f29
Patch20:          0020-Ticket-48934-remove-ds.pl-deletes-an-instance-even-i.patch
7c7f29
Patch21:          0021-Ticket-48940-DS-logs-have-warning-ancestorid-not-ind.patch
7c7f29
Patch22:          0022-Ticket-48882-server-can-hang-in-connection-list-proc.patch
7c7f29
Patch23:          0023-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
7c7f29
Patch24:          0024-Ticket-48943-When-fine-grained-policy-is-applied-a-s.patch
7c7f29
Patch25:          0025-Ticket-48943-Add-CI-Test-for-the-password-test-suite.patch
7c7f29
Patch26:          0026-Ticket-48936-Duplicate-collation-entries.patch
7c7f29
Patch27:          0027-Ticket-48450-Add-prestart-work-around-for-systemd-as.patch
7c7f29
Patch28:          0028-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
7c7f29
Patch29:          0029-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
7c7f29
Patch30:          0030-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
7c7f29
Patch31:          0031-Ticket-48450-Autotools-components-for-ds_systemd_ask.patch
7c7f29
Patch32:          0032-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
7c7f29
Patch33:          0033-Ticket-48950-Change-example-in-etc-sysconfig-dirsrv-.patch
7c7f29
Patch34:          0034-Ticket-48954-replication-fails-because-anchorcsn-can.patch
7c7f29
Patch35:          0035-Ticket-48956-ns-accountstatus.pl-showing-activated-u.patch
7c7f29
Patch36:          0036-Ticket-48958-Audit-fail-log-doesn-t-work-if-audit-lo.patch
7c7f29
Patch37:          0037-Ticket-48960-Crash-in-import_wait_for_space_in_fifo.patch
7c7f29
Patch38:          0038-Bugzilla-1368956-man-page-of-ns-accountstatus.pl-sho.patch
7c7f29
Patch39:          0039-Ticket-48964-cleanAllRUV-changelog-purging-incorrect.patch
7c7f29
Patch40:          0040-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch
7c7f29
Patch41:          0041-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch
7c7f29
Patch42:          0042-Ticket-48967-Add-CI-test-and-refactor-test-suite.patch
7c7f29
Patch43:          0043-Ticket-48950-Add-systemd-warning-to-the-LD_PRELOAD-e.patch
7c7f29
Patch44:          0044-Ticket-48957-set-proper-update-status-to-replication.patch
7c7f29
Patch45:          0045-Ticket-48972-remove-old-pwp-code-that-adds-removes-A.patch
7c7f29
Patch46:          0046-Ticket-48970-Serverside-sorting-crashes-the-server.patch
7c7f29
Patch47:          0047-Ticket-48975-Disabling-CLEAR-password-storage-scheme.patch
7c7f29
Patch48:          0048-Ticket-48957-Update-repl-monitor-to-handle-new-statu.patch
7c7f29
Patch49:          0049-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch
7c7f29
Patch50:          0050-Bug-1321124-use-a-consumer-maxcsn-only-as-anchor-if-.patch
95b556
Patch51:          0051-Ticket-48992-Total-init-may-fail-if-the-pushed-schem.patch
95b556
Patch52:          0052-Ticket-48909-Replication-stops-working-in-FIPS-mode.patch
95b556
Patch53:          0053-Ticket-49014-ns-accountstatus.pl-shows-wrong-status-.patch
95b556
Patch54:          0054-Ticket-49009-args-debug-logging-must-be-more-restric.patch
95b556
Patch55:          0055-Ticket-48328-Add-missing-dependency.patch
4aa5b2
Patch56:          0056-Ticket-48133-v2-Non-tombstone-entry-which-dn-startin.patch
4aa5b2
Patch57:          0057-Ticket-49020-do-not-treat-missing-csn-as-fatal.patch
4aa5b2
Patch58:          0058-Ticket-48964-cleanallruv-changelog-purging-removes-w.patch
4aa5b2
Patch59:          0059-Ticket-48964-should-not-free-repl-name-after-purging.patch
4aa5b2
Patch60:          0060-Ticket-49074-incompatible-nsEncryptionConfig-object-.patch
723150
Patch61:          0061-Ticket-49080-shadowExpire-should-not-be-a-calculated.patch
723150
Patch62:          0062-Ticket-49082-Fix-password-expiration-related-shadow-.patch
723150
Patch63:          0063-Ticket-49082-Adjusted-the-CI-test-case-to-the-fix.patch
723150
Patch64:          0064-Ticket-49008-backport-1.3.5-aborted-operation-can-le.patch
723150
Patch65:          0065-Ticket-49008-backport-1.3.5-aborted-operation-can-le.patch
723150
Patch66:          0066-Ticket-49079-deadlock-on-cos-cache-rebuild.patch
723150
Patch67:          0067-Ticket-49016-un-register-migration-remove-may-fail-i.patch
723150
Patch68:          0068-Ticket-49016-un-register-migration-remove-may-fail-i.patch
723150
Patch69:          0069-fix-for-reg-in-49008-check-if-ruv-element-exists.patch
c9e5da
Patch70:          0070-Ticket-49121-ns-slapd-crashes-in-ldif_sput-due-to-th.patch
c9e5da
Patch71:          0071-Issue-49122-Filtered-nsrole-that-uses-nsrole-crashes.patch
c9e5da
Patch72:          0072-fix-for-cve-2017-2668-simple-return-text-if-suffix-n.patch
b7d5c1
Patch73:          0073-Ticket-49209-Hang-due-to-omitted-replica-lock-releas.patch
b7d5c1
Patch74:          0074-Issue-49221-During-an-upgrade-the-provided-localhost.patch
b7d5c1
Patch75:          0075-Issue-49188-retrocl-can-crash-server-at-shutdown.patch
b7d5c1
Patch76:          0076-Issue-49095-targetattr-wildcard-evaluation-is-incorr.patch
ba46c7
ba46c7
%description
ba46c7
389 Directory Server is an LDAPv3 compliant server.  The base package includes
ba46c7
the LDAP server and command line utilities for server administration.
ba46c7
ba46c7
%package          libs
ba46c7
Summary:          Core libraries for 389 Directory Server
ba46c7
Group:            System Environment/Daemons
ba46c7
BuildRequires:    nspr-devel
ba46c7
BuildRequires:    nss-devel
7c7f29
BuildRequires:    svrcore-devel >= 4.1.2
ba46c7
%if %{use_openldap}
ba46c7
BuildRequires:    openldap-devel
ba46c7
%else
ba46c7
BuildRequires:    mozldap-devel
ba46c7
%endif
ba46c7
%if %{use_db4}
ba46c7
BuildRequires:    db4-devel
ba46c7
%else
ba46c7
BuildRequires:    libdb-devel
ba46c7
%endif
ba46c7
BuildRequires:    cyrus-sasl-devel
ba46c7
BuildRequires:    libicu-devel
ba46c7
BuildRequires:    pcre-devel
a2f18f
%if %{use_nunc_stans}
a2f18f
BuildRequires:    libtalloc-devel
a2f18f
BuildRequires:    libevent-devel
a2f18f
BuildRequires:    libtevent-devel
a2f18f
%endif
7c7f29
BuildRequires:    systemd-devel
ba46c7
ba46c7
%description      libs
ba46c7
Core libraries for the 389 Directory Server base package.  These libraries
ba46c7
are used by the main package and the -devel package.  This allows the -devel
ba46c7
package to be installed with just the -libs package and without the main package.
ba46c7
ba46c7
%package          devel
ba46c7
Summary:          Development libraries for 389 Directory Server
ba46c7
Group:            Development/Libraries
ba46c7
Requires:         %{name}-libs = %{version}-%{release}
ba46c7
Requires:         pkgconfig
ba46c7
Requires:         nspr-devel
ba46c7
Requires:         nss-devel
7c7f29
Requires:         svrcore-devel >= 4.1.2
ba46c7
%if %{use_openldap}
ba46c7
Requires:         openldap-devel
ba46c7
%else
ba46c7
Requires:         mozldap-devel
ba46c7
%endif
a2f18f
%if %{use_nunc_stans}
a2f18f
Requires:         libtalloc
a2f18f
Requires:         libevent
a2f18f
Requires:         libtevent
a2f18f
%endif
7c7f29
Requires:         systemd-libs
ba46c7
ba46c7
%description      devel
ba46c7
Development Libraries and headers for the 389 Directory Server base package.
ba46c7
7c7f29
%package          snmp
7c7f29
Summary:          SNMP Agent for 389 Directory Server
7c7f29
Group:            System Environment/Daemons
7c7f29
Requires:         %{name} = %{version}-%{release}
7c7f29
7c7f29
# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
7c7f29
Obsoletes:        %{name} <= 1.3.5.4
7c7f29
7c7f29
%description      snmp
7c7f29
SNMP Agent for the 389 Directory Server base package.
7c7f29
7c7f29
%package          tests
7c7f29
Summary:          The lib389 Continuous Integration Tests
7c7f29
Group:            Development/Libraries
7c7f29
Requires:         python-lib389
7c7f29
BuildArch:        noarch
7c7f29
7c7f29
%description      tests
7c7f29
The lib389 CI tests that can be run against the Directory Server.
7c7f29
ba46c7
%prep
ba46c7
%setup -q -n %{name}-%{version}%{?prerel}
a2f18f
%if %{use_nunc_stans}
a2f18f
%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3
a2f18f
%endif
ba46c7
cp %{SOURCE2} README.devel
ba46c7
%patch0 -p1
ba46c7
%patch1 -p1
ba46c7
%patch2 -p1
ba46c7
%patch3 -p1
ba46c7
%patch4 -p1
ba46c7
%patch5 -p1
ba46c7
%patch6 -p1
ba46c7
%patch7 -p1
ba46c7
%patch8 -p1
ba46c7
%patch9 -p1
ba46c7
%patch10 -p1
ba46c7
%patch11 -p1
ba46c7
%patch12 -p1
ba46c7
%patch13 -p1
ba46c7
%patch14 -p1
ba46c7
%patch15 -p1
ba46c7
%patch16 -p1
ba46c7
%patch17 -p1
ba46c7
%patch18 -p1
ba46c7
%patch19 -p1
ba46c7
%patch20 -p1
ba46c7
%patch21 -p1
ba46c7
%patch22 -p1
ba46c7
%patch23 -p1
ba46c7
%patch24 -p1
ba46c7
%patch25 -p1
ba46c7
%patch26 -p1
ba46c7
%patch27 -p1
ba46c7
%patch28 -p1
ba46c7
%patch29 -p1
ba46c7
%patch30 -p1
ba46c7
%patch31 -p1
ba46c7
%patch32 -p1
ba46c7
%patch33 -p1
ba46c7
%patch34 -p1
ba46c7
%patch35 -p1
ba46c7
%patch36 -p1
ba46c7
%patch37 -p1
ba46c7
%patch38 -p1
ba46c7
%patch39 -p1
ba46c7
%patch40 -p1
ba46c7
%patch41 -p1
ba46c7
%patch42 -p1
ba46c7
%patch43 -p1
ba46c7
%patch44 -p1
ba46c7
%patch45 -p1
ba46c7
%patch46 -p1
ba46c7
%patch47 -p1
ba46c7
%patch48 -p1
ba46c7
%patch49 -p1
cc3dff
%patch50 -p1
95b556
%patch51 -p1
95b556
%patch52 -p1
95b556
%patch53 -p1
95b556
%patch54 -p1
95b556
%patch55 -p1
4aa5b2
%patch56 -p1
4aa5b2
%patch57 -p1
4aa5b2
%patch58 -p1
4aa5b2
%patch59 -p1
4aa5b2
%patch60 -p1
723150
%patch61 -p1
723150
%patch62 -p1
723150
%patch63 -p1
723150
%patch64 -p1
723150
%patch65 -p1
723150
%patch66 -p1
723150
%patch67 -p1
723150
%patch68 -p1
723150
%patch69 -p1
c9e5da
%patch70 -p1
c9e5da
%patch71 -p1
c9e5da
%patch72 -p1
b7d5c1
%patch73 -p1
b7d5c1
%patch74 -p1
b7d5c1
%patch75 -p1
b7d5c1
%patch76 -p1
ba46c7
ba46c7
%build
a2f18f
%if %{use_nunc_stans}
a2f18f
pushd ../nunc-stans-%{nunc_stans_ver}
a2f18f
%configure --with-fhs --libdir=%{_libdir}/%{pkgname}
a2f18f
make %{?_smp_mflags}
7c7f29
mkdir -p lib
a2f18f
cp .libs/libnunc-stans.so.0.0.0 lib/libnunc-stans.so
a2f18f
mkdir -p include/nunc-stans
a2f18f
cp nunc-stans.h include/nunc-stans/nunc-stans.h
a2f18f
popd
a2f18f
%endif
a2f18f
ba46c7
%if %{use_openldap}
ba46c7
OPENLDAP_FLAG="--with-openldap"
ba46c7
%endif
ba46c7
%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
ba46c7
# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
ba46c7
NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
a2f18f
%if %{use_nunc_stans}
7c7f29
NUNC_STANS_FLAGS="--enable-nunc-stans --with-nunc-stans=../nunc-stans-%{nunc_stans_ver}"
a2f18f
%endif
ba46c7
%configure --enable-autobind --with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \
ba46c7
           --with-systemdsystemunitdir=%{_unitdir} \
ba46c7
           --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
7c7f29
           --with-perldir=/usr/bin \
7c7f29
           --with-systemdgroupname=%{groupname} $NSSARGS $NUNC_STANS_FLAGS \
7c7f29
           --with-systemd
ba46c7
ba46c7
# Generate symbolic info for debuggers
ba46c7
export XCFLAGS=$RPM_OPT_FLAGS
ba46c7
ba46c7
%ifarch x86_64 ppc64 ia64 s390x sparc64
ba46c7
export USE_64=1
ba46c7
%endif
ba46c7
ba46c7
make %{?_smp_mflags}
ba46c7
ba46c7
ba46c7
%install
a2f18f
%if %{use_nunc_stans}
a2f18f
pushd ../nunc-stans-%{nunc_stans_ver}
a2f18f
make DESTDIR="$RPM_BUILD_ROOT" install
a2f18f
rm -rf $RPM_BUILD_ROOT%{_includedir} $RPM_BUILD_ROOT%{_datadir} \
a2f18f
    $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/pkgconfig
a2f18f
popd
7c7f29
%else
7c7f29
rm -rf $RPM_BUILD_ROOT
a2f18f
%endif
a2f18f
ba46c7
make DESTDIR="$RPM_BUILD_ROOT" install
ba46c7
ba46c7
mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
ba46c7
mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
ba46c7
mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname}
ba46c7
ba46c7
# for systemd
ba46c7
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants
ba46c7
7c7f29
#remove libtool archives and static libs
7c7f29
find %{buildroot} -type f -name "*.la" -delete
7c7f29
find %{buildroot} -type f -name "*.a" -delete
ba46c7
7c7f29
# make sure perl scripts have a proper shebang
ba46c7
sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/script-templates/template-*.pl
ba46c7
7c7f29
# Why are we not making this a proper python package?
7c7f29
pushd ../%{name}-%{version}%{?prerel}
7c7f29
cp -r dirsrvtests $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname}
7c7f29
find $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname}/dirsrvtests -type f -name '*.pyc' -delete
7c7f29
find $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname}/dirsrvtests -type f -name '*.pyo' -delete
7c7f29
find $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname}/dirsrvtests -type d -name '__pycache__' -delete
7c7f29
popd
7c7f29
ba46c7
%clean
ba46c7
rm -rf $RPM_BUILD_ROOT
ba46c7
ba46c7
%post
ba46c7
output=/dev/null
a2f18f
output2=/dev/null
ba46c7
# reload to pick up any changes to systemd files
ba46c7
/bin/systemctl daemon-reload >$output 2>&1 || :
ba46c7
# reload to pick up any shared lib changes
ba46c7
/sbin/ldconfig
ba46c7
# find all instances
ba46c7
instances="" # instances that require a restart after upgrade
ba46c7
ninst=0 # number of instances found in total
ba46c7
if [ -n "$DEBUGPOSTTRANS" ] ; then
ba46c7
   output=$DEBUGPOSTTRANS
a2f18f
   output2=${DEBUGPOSTTRANS}.upgrade
ba46c7
fi
7c7f29
7c7f29
has_dirsrv=`/usr/bin/egrep -i "^dirsrv\>" /etc/passwd` || :
7c7f29
if [ "$has_dirsrv" = "" ]; then
7c7f29
  dirsrv_uid=389
7c7f29
  while [ "`getent passwd | awk -F: '{print $3}' | grep $dirsrv_uid`" != "" ]; do
7c7f29
    dirsrv_uid=`expr $dirsrv_uid + 1`
7c7f29
  done
7c7f29
  echo "User dirsrv does not exist, create it with uid %dirsrv_uid." >> $output 2>&1 || :
7c7f29
  /usr/sbin/useradd -c "389-ds-base" -u $dirsrv_uid \
7c7f29
    -s /sbin/nologin -r -d /usr/share/dirsrv dirsrv 2> /dev/null || :
7c7f29
fi
7c7f29
has_dirsrv=`/usr/bin/egrep -i "^dirsrv\>" /etc/group` || :
7c7f29
if [ "$has_dirsrv" = "" ]; then
7c7f29
  dirsrv_gid=389
7c7f29
  while [ "`getent group | grep $dirsrv_gid`" != "" ]; do
7c7f29
    dirsrv_gid=`expr $dirsrv_gid + 1`
7c7f29
  done
7c7f29
  echo "Group dirsrv does not exist, create it with uid %dirsrv_gid." >> $output 2>&1 || :
7c7f29
  /usr/sbin/groupadd -g $dirsrv_gid -r dirsrv 2> /dev/null || :
7c7f29
fi
7c7f29
7c7f29
echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || :
7c7f29
for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do
7c7f29
    if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches
7c7f29
    inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'`
a2f18f
    echo found instance $inst - getting status  >> $output 2>&1 || :
ba46c7
    if /bin/systemctl -q is-active $inst ; then
309aa9
       echo instance $inst is running >> $output 2>&1 || :
ba46c7
       instances="$instances $inst"
ba46c7
    else
309aa9
       echo instance $inst is not running >> $output 2>&1 || :
ba46c7
    fi
ba46c7
    ninst=`expr $ninst + 1`
ba46c7
done
ba46c7
if [ $ninst -eq 0 ] ; then
309aa9
    echo no instances to upgrade >> $output 2>&1 || :
ba46c7
    exit 0 # have no instances to upgrade - just skip the rest
ba46c7
fi
ba46c7
# shutdown all instances
309aa9
echo shutting down all instances . . . >> $output 2>&1 || :
309aa9
for inst in $instances ; do
309aa9
    echo stopping instance $inst >> $output 2>&1 || :
309aa9
    /bin/systemctl stop $inst >> $output 2>&1 || :
309aa9
done
309aa9
echo remove pid files . . . >> $output 2>&1 || :
ba46c7
/bin/rm -f /var/run/%{pkgname}*.pid /var/run/%{pkgname}*.startpid
ba46c7
# do the upgrade
309aa9
echo upgrading instances . . . >> $output 2>&1 || :
309aa9
DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
309aa9
if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
a2f18f
    %{_sbindir}/setup-ds.pl -l $output2 -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
309aa9
else
a2f18f
    %{_sbindir}/setup-ds.pl -l $output2 -u -s General.UpdateMode=offline >> $output 2>&1 || :
309aa9
fi
309aa9
ba46c7
# restart instances that require it
ba46c7
for inst in $instances ; do
309aa9
    echo restarting instance $inst >> $output 2>&1 || :
309aa9
    /bin/systemctl start $inst >> $output 2>&1 || :
ba46c7
done
ba46c7
exit 0
ba46c7
ba46c7
%preun
ba46c7
if [ $1 -eq 0 ]; then # Final removal
ba46c7
    # remove instance specific service files/links
ba46c7
    rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
ba46c7
fi
ba46c7
ba46c7
%postun
ba46c7
/sbin/ldconfig
ba46c7
if [ $1 = 0 ]; then # Final removal
ba46c7
    rm -rf /var/run/%{pkgname}
ba46c7
fi
ba46c7
7c7f29
%post snmp
7c7f29
%systemd_post %{pkgname}-snmp.service
7c7f29
7c7f29
%preun snmp
7c7f29
%systemd_preun %{pkgname}-snmp.service %{groupname}
7c7f29
7c7f29
%postun snmp
7c7f29
%systemd_postun_with_restart %{pkgname}-snmp.service
7c7f29
ba46c7
%files
ba46c7
%defattr(-,root,root,-)
a2f18f
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
ba46c7
%dir %{_sysconfdir}/%{pkgname}
ba46c7
%dir %{_sysconfdir}/%{pkgname}/schema
ba46c7
%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
ba46c7
%dir %{_sysconfdir}/%{pkgname}/config
ba46c7
%dir %{_sysconfdir}/systemd/system/%{groupname}.wants
ba46c7
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
ba46c7
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
ba46c7
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig
ba46c7
%config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}
ba46c7
%config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}.systemd
ba46c7
%{_datadir}/%{pkgname}
ba46c7
%{_unitdir}
ba46c7
%{_bindir}/*
ba46c7
%{_sbindir}/*
ba46c7
%{_libdir}/%{pkgname}/perl
cc3dff
%{_libdir}/%{pkgname}/python
ba46c7
%dir %{_libdir}/%{pkgname}/plugins
ba46c7
%{_libdir}/%{pkgname}/plugins/*.so
ba46c7
%dir %{_localstatedir}/lib/%{pkgname}
ba46c7
%dir %{_localstatedir}/log/%{pkgname}
ba46c7
%ghost %dir %{_localstatedir}/lock/%{pkgname}
ba46c7
%{_mandir}/man1/*
ba46c7
%{_mandir}/man8/*
7c7f29
%exclude %{_sbindir}/ldap-agent*
7c7f29
%exclude %{_mandir}/man1/ldap-agent.1.gz
ba46c7
ba46c7
%files devel
ba46c7
%defattr(-,root,root,-)
a2f18f
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
ba46c7
%{_includedir}/%{pkgname}
ba46c7
%{_libdir}/%{pkgname}/libslapd.so
7c7f29
%{_libdir}/%{pkgname}/libns-dshttpd.so
a2f18f
%if %{use_nunc_stans}
a2f18f
%{_libdir}/%{pkgname}/libnunc-stans.so
a2f18f
%endif
ba46c7
%{_libdir}/pkgconfig/*
ba46c7
ba46c7
%files libs
ba46c7
%defattr(-,root,root,-)
a2f18f
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
ba46c7
%dir %{_libdir}/%{pkgname}
ba46c7
%{_libdir}/%{pkgname}/libslapd.so.*
7c7f29
%{_libdir}/%{pkgname}/libns-dshttpd.so.*
a2f18f
%if %{use_nunc_stans}
f5000e
%{_libdir}/%{pkgname}/libnunc-stans.so.*
a2f18f
%endif
ba46c7
7c7f29
%files snmp
7c7f29
%defattr(-,root,root,-)
7c7f29
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
7c7f29
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
7c7f29
%{_sbindir}/ldap-agent*
7c7f29
%{_mandir}/man1/ldap-agent.1.gz
7c7f29
7c7f29
%files tests
7c7f29
%defattr(-,root,root,-)
7c7f29
%doc LICENSE LICENSE.GPLv3+
7c7f29
%{_sysconfdir}/%{pkgname}/dirsrvtests
7c7f29
ba46c7
%changelog
b7d5c1
* Mon Apr 24 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.5.10-21
b7d5c1
- Bump verison to 1.3.5.10-21
b7d5c1
- Resolves: Bug 1440654 - Possible deadlock while installing an ipa replica
b7d5c1
- Resolves: Bug 1445178 - Silent install localhost issue
b7d5c1
- Resolves: Bug 1445177 - retrocl crash at shutdown
b7d5c1
- Resolves: Bug 1445176 - case sensitivity in acl
b7d5c1
c9e5da
* Mon Apr 3 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.5.10-20
c9e5da
- Bump version to 1.3.5.10-20
c9e5da
- Resolves: bug 1437005 - CVE-2017-2668 389-ds-base: Remote crash via crafted LDAP messages
c9e5da
c9e5da
* Fri Mar 3 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.5.10-19
c9e5da
- Release 1.3.5.10-19
c9e5da
- Resolves: bug 1429495 - ns-slapd dies under heavy load 
c9e5da
- Resolves: bug 1429498 - A filtered nsrole that specifies an empty nsrole in its nsRoleFilter will result in a segfault
c9e5da
723150
* Thu Feb 16 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.5.10-18
723150
- Release 1.3.5.10-18
723150
- Resolves: bug 1387340 - Aborted operation can leave RUV in incorrect state 
723150
723150
* Tue Jan 31 2017 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-17
723150
- Release 1.3.5.10-17
723150
- Resolves: bug 1414677 - (un)register/migration/remove may fail if there is no suffix (DS 49016)
723150
723150
* Wed Jan 25 2017 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-16
723150
- Release 1.3.5.10-16
723150
- Resolves: bug 1414677 - (un)register/migration/remove may fail if there is no suffix (DS 49016)
723150
- Resolves: bug 1414678 - deadlock on cos cache rebuild (DS 49079)
723150
- Resolves: bug 1414679 - Release 1.3.5 may allow expired accounts access to systems (DS 49080, DS 49082)
723150
- Resolves: bug 1416368 - Aborted operation can leave RUV in incorrect state (DS 49008)
723150
4aa5b2
* Wed Jan  4 2017 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-15
4aa5b2
- Release 1.3.5.10-15
4aa5b2
- Resolves: bug 1402325 - do not treat missing csn as fatal (DS 48964)
4aa5b2
- Resolves: bug 1410080 - incompatible nsEncryptionConfig object definition prevents RHEL 7->6 schema replication (DS 49074)
4aa5b2
4aa5b2
* Fri Dec 23 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-14
4aa5b2
- Release 1.3.5.10-14
4aa5b2
- Resolves: bug 1402325 - do not treat missing csn as fatal (DS 48964)
4aa5b2
4aa5b2
* Mon Dec 12 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-13
4aa5b2
- Release 1.3.5.10-13
4aa5b2
- Resolves: bug 1402030 - Non tombstone entry which dn starting with "nsuniqueid=...," cannot be deleted (DS 48133)
4aa5b2
- Resolves: bug 1402325 - do not treat missing csn as fatal (DS 49020)
4aa5b2
95b556
* Mon Oct 31 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-12
95b556
- Release 1.3.5.10-12
95b556
- Resolves: bug 1384785 - Replica install fails with old IPA master sometimes during replication process (DS 48992)
95b556
- Resolves: bug 1388501 - 389-ds-base is missing runtime dependency - bind-utils (DS 48328)
95b556
- Resolves: bug 1388581 - Replication stops working only when fips mode is set to true (DS 48909)
95b556
- Resolves: bug 1390342 - ns-accountstatus.pl shows wrong status for accounts inactivated by Account policy plugin (DS 49014)
95b556
- Resolves: bug 1390343 - trace args debug logging must be more restrictive (DS 49009)
95b556
7c7f29
* Tue Sep 13 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-11
7c7f29
- Release 1.3.5.10-11
7c7f29
- Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates
7c7f29
7c7f29
* Thu Sep  1 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-10
7c7f29
- Release 1.3.5.10-10
7c7f29
- Resolves: bug 1370300 - set proper update status to replication agreement in case of failure (DS 48957)
7c7f29
- Resolves: bug 1209094 - Allow logging of rejected changes (DS 48969)
7c7f29
7c7f29
* Tue Aug 30 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-9
7c7f29
- Release 1.3.5.10-9
7c7f29
- Resolves: bug 1364190 - Change example in /etc/sysconfig/dirsrv to use tcmalloc (DS 48950)
7c7f29
- Resolves: bug 1366828 - audit on failure doesn't work if attribute nsslapd-auditlog-logging-enabled is NOT enabled (DS 48958)
7c7f29
- Resolves: bug 1368520 - Crash in import_wait_for_space_in_fifo() (DS 48960)
7c7f29
- Resolves: bug 1368956 - man page of ns-accountstatus.pl shows redundant entries for -p port option
7c7f29
- Resolves: bug 1369537 - passwordMinAge attribute doesn't limit the minimum age of the password (DS 48967)
7c7f29
- Resolves: bug 1369570 - cleanallruv changelog cleaning incorrectly impacts all backends (DS 48964)
7c7f29
- Resolves: bug 1369425 - ACI behaves erratically (DS 48972)
7c7f29
- Resolves: bug 1370300 - set proper update status to replication agreement in case of failure (DS 48957)
7c7f29
- Resolves: bug 1209094 - Allow logging of rejected changes (DS 48969)
7c7f29
- Resolves: bug 1371283 - Server Side Sorting crashes the server. (DS 48970)
7c7f29
- Resolves: bug 1371284 - Disabling CLEAR password storage scheme will crash server when setting a password (DS 48975)
7c7f29
7c7f29
* Thu Aug 18 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-8
7c7f29
- Release 1.3.5.10-8
7c7f29
- Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates (DS 48954)
7c7f29
- Resolves: bug 1364190 - Change example in /etc/sysconfig/dirsrv to use tcmalloc (DS 48950)
7c7f29
- Resolves: bug 1366561 - ns-accountstatus.pl giving error even "No such object (32)" (DS 48956)
7c7f29
7c7f29
* Mon Aug  8 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-7
7c7f29
- Release 1.3.5.10-7
7c7f29
- Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450)
7c7f29
- Resolves: bug 1360976 - fixing a compiler warning
7c7f29
7c7f29
* Thu Aug  4 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-6
7c7f29
- Release 1.3.5.10-6
7c7f29
- Resolves: bug 1326077 - Page result search should return empty cookie if there is no returned entry (DS 48928)
7c7f29
- Resolves: bug 1360447 - nsslapd-workingdir is empty when ns-slapd is started by systemd (DS 48939)
7c7f29
- Resolves: bug 1360327 - remove-ds.pl deletes an instance even if wrong prefix was specified (DS 48934)
7c7f29
- Resolves: bug 1349815 - DS logs have warning:ancestorid not indexed for all CS subsystems (DS 48940)
7c7f29
- Resolves: bug 1329061 - 389-ds-base-1.3.4.0-29.el7_2 "hang" (DS 48882)
7c7f29
- Resolves: bug 1360976 - EMBARGOED CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack
7c7f29
- Resolves: bug 1361134 - When fine-grained policy is applied, a sub-tree has a priority over a user while changing password (DS 48943) 
7c7f29
- Resolves: bug 1361321 - Duplicate collation entries (DS 48936)
7c7f29
- Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450)
7c7f29
- Resolves: bug 1350799 - CVE-2016-4992 389-ds-base: Information disclosure via repeat
7c7f29
7c7f29
* Thu Jul 14 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-5
7c7f29
- Release 1.3.5.10-5
7c7f29
- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48919)
7c7f29
7c7f29
* Thu Jul 14 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-4
7c7f29
- Release 1.3.5.10-4
7c7f29
- Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144)
7c7f29
- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48919)
7c7f29
- Resolves: bug 1350799 - CVE-2016-4992 389-ds-base: Information disclosure via repeat
7c7f29
- Resolves: bug 1354660 - flow control in replication also blocks receiving results (DS 48767)
7c7f29
- Resolves: bug 1356261 - Fixup tombstone task needs to set proper flag when updating (DS 48924)
7c7f29
- Resolves: bug 1355760 - ns-slapd crashes during the deletion of backend (DS 48922)
7c7f29
- Resolves: bug 1353629 - DS shuts down automatically if dnaThreshold is set to 0 in a MMR setup (DS 48916)
7c7f29
- Resolves: bug 1355879 - nunc-stans: ns-slapd crashes during startup with SIGILL on AMD Opteron 280 (DS 48925)
7c7f29
7c7f29
* Mon Jul 11 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-3
7c7f29
- Release 1.3.5.10-3
7c7f29
- Resolves: bug 1354374 - Fixing the tarball version in the sources file.
7c7f29
7c7f29
* Mon Jul 11 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-2
7c7f29
- Release 1.3.5.10-2
7c7f29
- Resolves: bug 1353714 - If a cipher is disabled do not attempt to look it up (DS 48743)
7c7f29
- Resolves: bug 1353592 - Setup-ds.pl --update fails - regression (DS 48755)
7c7f29
- Resolves: bug 1353544 - db2bak.pl task enters infinitive loop when bak fs is almost full (DS 48914)
7c7f29
- Resolves: bug 1354374 - Upgrade to 389-ds-base >= 1.3.5.5 doesn't install 389-ds-base-snmp (DS 48918)
7c7f29
7c7f29
* Wed Jun 29 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-1
7c7f29
- Release 1.3.5.10-1
7c7f29
- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48905)
7c7f29
7c7f29
* Wed Jun 29 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.9-1
7c7f29
- Release 1.3.5.9-1
7c7f29
- Resolves: bug 1349571 - Improve MMR replication convergence (DS 48636)
7c7f29
- Resolves: bug 1304682 - "stale" automember rule (associated to a removed group) causes discrepancies in the database (DS 48637)
7c7f29
- Resolves: bug 1314956 - moving an entry cause next on-line init to skip entry has no parent, ending at line 0 of file "(bulk import)" (DS 48755)
7c7f29
- Resolves: bug 1316731 - syncrepl search returning error 329; plugin sending a bad error code (DS 48904)
7c7f29
- Resolves: bug 1346741 - ns-slapd crashes during the shutdown after adding attribute with a matching rule  (DS 48891)
7c7f29
- Resolves: bug 1349577 - Values of dbcachetries/dbcachehits in cn=monitor could overflow. (DS 48899)
7c7f29
- Resolves: bug 1272682 - nunc-stans: ns-slapd killed by SIGABRT (DS 48898)
7c7f29
- Resolves: bug 1346043 - repl-monitor displays colors incorrectly for the time lag > 60 min (DS 47538)
7c7f29
- Resolves: bug 1350632 - ns-slapd shutdown crashes if pwdstorageschema name is from stack. (DS 48902)
7c7f29
7c7f29
* Tue Jun 21 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.8-1
7c7f29
- Release 1.3.5.8-1
7c7f29
- Resolves: bug 1290101 - proxyauth support does not work when bound as directory  manager (DS 48366)
7c7f29
7c7f29
* Tue Jun 21 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.7-1
7c7f29
- Release 1.3.5.7-1
7c7f29
- Resolves: bug 1196282 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) (DS 48109)
7c7f29
- Resolves: bug 1303794 - Import readNSState.py from RichM's repo (DS 48449)
7c7f29
- Resolves: bug 1290101 - proxyauth support does not work when bound as directory  manager (DS 48366)
7c7f29
- Resolves: bug 1338872 - Wrong result code display in audit-failure log (DS 48892)
7c7f29
- Resolves: bug 1346043 - repl-monitor displays colors incorrectly for the time lag > 60 min (DS 47538)
7c7f29
- Resolves: bug 1346741 - ns-slapd crashes during the shutdown after adding attribute with a matching rule  (DS 48891)
7c7f29
- Resolves: bug 1347407 - By default aci can be read by anonymous (DS 48354)
7c7f29
- Resolves: bug 1347412 - cn=SNMP,cn=config entry can be read by anonymous (DS 48893)
7c7f29
7c7f29
* Tue Jun 14 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.6-1
7c7f29
- Release 1.3.5.6-1
7c7f29
- Resolves: bug 1273549 - [RFE] Improve timestamp resolution in logs (DS 47982)
7c7f29
- Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates (DS 48766, DS 48636)
7c7f29
- Resolves: bug 1233926 - "matching rules" in ACI's "bind rules not fully evaluated (DS 48234)
7c7f29
- Resolves: bug 1346165 - 389-ds-base-1.3.5.5-1.el7.x86_64 requires policycoreutils-py 
7c7f29
7c7f29
* Mon Jun 13 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.5-1
7c7f29
- Release 1.3.5.5-1
7c7f29
- Resolves: bug 1018944 - [RFE] Enhance password change tracking (DS 48833)
7c7f29
- Resolves: bug 1344414 - [RFE] adding pre/post extop ability (DS 48880)
7c7f29
- Resolves: bug 1303794 - Import readNSState.py from RichM's repo (DS 48449)
7c7f29
- Resolves: bug 1257568 - /usr/lib64/dirsrv/libnunc-stans.so is owned by both -libs and -devel (DS 48404)
7c7f29
- Resolves: bug 1314956 - moving an entry cause next on-line init to skip entry has no parent, ending at line 0 of file "(bulk import)" (DS 48755)
7c7f29
- Resolves: bug 1342609 - At startup DES to AES password conversion causes timeout in start script (DS 48862)
7c7f29
- Resolves: bug 1316328 - search returns no entry when OR filter component contains non readable attribute (DS 48275)
7c7f29
- Resolves: bug 1280456 - setup-ds should detect if port is already defined (DS 48336)
7c7f29
- Resolves: bug 1312557 - dirsrv service fails to start when nsslapd-listenhost is configured (DS 48747)
7c7f29
- Resolves: bug 1326077 - Page result search should return empty cookie if there is no returned entry (DS 48752)
7c7f29
- Resolves: bug 1340307 - Running db2index with no options breaks replication (DS 48854)
7c7f29
- Resolves: bug 1337195 - Regression introduced in matching rules by DS 48746 (DS 48844)
7c7f29
- Resolves: bug 1335492 - Modifier's name is not recorded in the audit log with modrdn and moddn operations (DS 48834)
7c7f29
- Resolves: bug 1316741 - ldctl should support -H with ldap uris (DS 48754)
7c7f29
7c7f29
* Wed May 18 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.4-1
7c7f29
- release 1.3.5.4-1
7c7f29
- Resolves: bug 1334455 - db2ldif is not taking into account multiple suffixes or backends (DS 48828)
7c7f29
- Resolves: bug 1241563 - The "repl-monitor" web page does not display "year" in date. (DS 48220)
7c7f29
- Resolves: bug 1335618 - Server ram sanity checks work in isolation (DS 48617)
7c7f29
- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48837)
7c7f29
7c7f29
* Sat May  7 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.3-1
7c7f29
- release 1.3.5.3-1
7c7f29
- Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144)
7c7f29
- Resolves: bug 1332533 - ns-accountstatus.pl gives error message on execution along with results. (DS 48815)
7c7f29
- Resolves: bug 1332709 - password history is not updated when an admin resets the password (DS 48813)
7c7f29
- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48822)
7c7f29
- Resolves: bug 1333515 - Enable DS to offer weaker DH params in NSS  (DS 48798)
7c7f29
7c7f29
* Tue May  3 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.2-1
7c7f29
- release 1.3.5.2-1
7c7f29
- Resolves: bug 1270020 - Rebase 389-ds-base to 1.3.5 in RHEL-7.3 
7c7f29
- Resolves: bug 1288229 - many attrlist_replace errors in connection with cleanallruv (DS 48283)
7c7f29
- Resolves: bug 1315893 - License tag does not match actual license of code (DS 48757)
7c7f29
- Resolves: bug 1320715 - DES to AES password conversion fails if a backend is empty (DS 48777)
7c7f29
- Resolves: bug 190862  - [RFE] Default password syntax settings don't work with fine-grained policies (DS 142)
7c7f29
- Resolves: bug 1018944 - [RFE] Enhance password change tracking (DS 548)
7c7f29
- Resolves: bug 1143066 - The dirsrv user/group should be created in rpm %pre, and ideally with fixed uid/gid (DS 48285)
7c7f29
- Resolves: bug 1153758 - [RFE] Support SASL/GSSAPI when ns-slapd is behind a load-balancer (DS 48332)
7c7f29
- Resolves: bug 1160902 - search, matching rules and filter error "unsupported type 0xA9" (DS 48016)
7c7f29
- Resolves: bug 1186512 - High memory fragmentation observed in ns-slapd; OOM-Killer invoked (DS 48377, 48129)
7c7f29
- Resolves: bug 1196282 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) (DS 48109)
7c7f29
- Resolves: bug 1209094 - [RFE] Allow logging of rejected changes (DS 48145, 48280)
7c7f29
- Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144)
7c7f29
- Resolves: bug 1210842 - [RFE] Add PIDFile option to systemd service file (DS 47951)
7c7f29
- Resolves: bug 1223510 - [RFE] it could be nice to have nsslapd-maxbersize default to bigger than 2Mb (DS 48326)
7c7f29
- Resolves: bug 1229799 - ldclt-bin killed by SIGSEGV (DS 48289)
7c7f29
- Resolves: bug 1249908 - No validation check for the value for nsslapd-db-locks. (DS 48244)
7c7f29
- Resolves: bug 1254887 - No man page entry for - option '-u' of dbgen.pl for adding group entries with uniquemembers (DS 48290)
7c7f29
- Resolves: bug 1255557 - db2index creates index entry from deleted records (DS 48252)
7c7f29
- Resolves: bug 1258610 - total update request must not be lost (DS 48255)
7c7f29
- Resolves: bug 1258611 - dna plugin needs to handle binddn groups for authorization (DS 48258)
7c7f29
- Resolves: bug 1259624 - [RFE] Provide a utility to detect accounts locked due to inactivity (DS 48269)
7c7f29
- Resolves: bug 1259950 - Add config setting to MemberOf Plugin to add required objectclass got memberOf attribute (DS 48267)
7c7f29
- Resolves: bug 1266510 - Linked Attributes plug-in - wrong behaviour when adding valid and broken links (DS 48295)
7c7f29
- Resolves: bug 1266532 - Linked Attributes plug-in - won't update links after MODRDN operation (DS 48294)
7c7f29
- Resolves: bug 1267750 - pagedresults - when timed out, search results could have been already freed. (DS 48299)
7c7f29
- Resolves: bug 1269378 - ds-logpipe.py with wrong arguments - python exception in the output (DS 48302)
7c7f29
- Resolves: bug 1271330 - nunc-stans: Attempt to release connection that is not acquired (DS 48311)
7c7f29
- Resolves: bug 1272677 - nunc stans: ns-slapd killed by SIGTERM
7c7f29
- Resolves: bug 1272682 - nunc-stans: ns-slapd killed by SIGABRT
7c7f29
- Resolves: bug 1273142 - crash in Managed Entry plugin (DS 48312)
7c7f29
- Resolves: bug 1273549 - [RFE] Improve timestamp resolution in logs (DS 47982)
7c7f29
- Resolves: bug 1273550 - Deadlock between two MODs on the same entry between entry cache and backend lock (DS 47978)
7c7f29
- Resolves: bug 1273555 - deadlock in mep delete post op (DS 47976)
7c7f29
- Resolves: bug 1273584 - lower password history minimum to 1 (DS 48394)
7c7f29
- Resolves: bug 1275763 - [RFE] add setup-ds.pl option to disable instance specific scripts (DS 47840)
7c7f29
- Resolves: bug 1276072 - [RFE] Allow RHDS to be setup using a DNS CNAME alias for General.FullMachineName (DS 48328)
7c7f29
- Resolves: bug 1278567 - SimplePagedResults -- abandon could happen between the abandon check and sending results (DS 48338)
7c7f29
- Resolves: bug 1278584 - Share nsslapd-threadnumber in the case nunc-stans is enabled, as well. (DS 48339)
7c7f29
- Resolves: bug 1278755 - deadlock on connection mutex (DS 48341)
7c7f29
- Resolves: bug 1278987 - Cannot upgrade a consumer to supplier in a multimaster environment (DS 48325)
7c7f29
- Resolves: bug 1280123 - acl - regression - trailing ', (comma)' in macro matched value is not removed. (DS 48344)
7c7f29
- Resolves: bug 1290111 - [RFE] Support for rfc3673 '+' to return operational attributes (DS 48363)
7c7f29
- Resolves: bug 1290141 - With exhausted range, part of DNA shared configuration is deleted after server restart (DS 48362)
7c7f29
- Resolves: bug 1290242 - SimplePagedResults -- in the search error case, simple paged results slot was not released. (DS 48375)
7c7f29
- Resolves: bug 1290600 - The 'eq' index does not get updated properly when deleting and re-adding attributes in the same ldapmodify operation (DS 48370)
7c7f29
- Resolves: bug 1295947 - 389-ds hanging after a few minutes of operation (DS 48406, revert 48338)
7c7f29
- Resolves: bug 1296310 - ldclt - segmentation fault error while binding (DS 48400)
7c7f29
- Resolves: bug 1299758 - CVE-2016-0741 389-ds-base: Worker threads do not detect abnormally closed connections causing DoS [rhel-7.3]
7c7f29
- Resolves: bug 1301097 - logconv.pl displays negative operation speeds (DS 48446)
7c7f29
- Resolves: bug 1302823 - Crash in slapi_get_object_extension (DS 48536)
7c7f29
- Resolves: bug 1303641 - heap corruption at schema replication. (DS 48492)
7c7f29
- Resolves: bug 1307151 - keep alive entries can break replication (DS 48445)
7c7f29
- Resolves: bug 1310848 - Supplier can skip a failing update, although it should retry. (DS 47788)
7c7f29
- Resolves: bug 1314557 - change severity of some messages related to "keep alive" enties (DS 48420)
7c7f29
- Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450)
7c7f29
- Resolves: bug 1316742 - no plugin calls in tombstone purging (DS 48759)
7c7f29
- Resolves: bug 1319329 - [RFE] add nsslapd-auditlog-logging-enabled: off to template-dse.ldif (DS 48145)
7c7f29
- Resolves: bug 1320295 - If nsSSL3 is on, even if SSL v3 is not really enabled, a confusing message is logged. (DS 48775)
7c7f29
- Resolves: bug 1326520 - db2index uses a buffer size derived from dbcachesize (DS 48383)
7c7f29
- Resolves: bug 1328936 - objectclass values could be dropped on the consumer (DS 48799)
7c7f29
- Resolves: bug 1287475 - [RFE] response control for password age should be sent by default by RHDS (DS 48369)
7c7f29
- Resolves: bug 1331343 - Paged results search returns the blank list of entries (DS 48808)
246821
a2f18f
* Mon Oct  5 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-19
a2f18f
- release 1.3.4.0-19
a2f18f
- Resolves: bug 1228823 - async simple paged results issue (DS 48299, DS 48192)
a2f18f
- Resolves: bug 1266944 - ns-slapd crash during ipa-replica-manage del (DS 48298)
a2f18f
a2f18f
* Tue Sep 22 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-18
a2f18f
- release 1.3.4.0-18
a2f18f
- Resolves: bug 1259949 - Fractional replication evaluates several times the same CSN (DS 48266, DS 48284)
a2f18f
a2f18f
* Fri Sep 18 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-17
a2f18f
- release 1.3.4.0-17
a2f18f
- Resolves: bug 1259949 - A backport error (coverity -- unused variable 'init_retry')
a2f18f
a2f18f
* Fri Sep 18 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-16
a2f18f
- release 1.3.4.0-16
a2f18f
- Resolves: bug 1243970 - In MMR, double free coould occur under some special condition (DS 48276, DS 48226)
a2f18f
- Resolves: bug 1259949 - Fractional replication evaluates several times the same CSN (DS 48266)
a2f18f
- Resolves: bug 1241723 - cleanallruv - fix regression with server shutdown (DS 48217)
a2f18f
- Resolves: bug 1264224 - segfault in ns-slapd due to accessing Slapi_DN freed in pre bind plug-in (DS 48188)
a2f18f
a2f18f
* Fri Sep  4 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-15
a2f18f
- release 1.3.4.0-15
a2f18f
- Resolves: bug 1258996 - Complex filter in a search request doen't work as expected. (regression) (DS 48265)
a2f18f
- Resolves: bug 1179370 - COS cache doesn't properly mark vattr cache as invalid when there are multiple suffixes (DS 47981)
a2f18f
a2f18f
* Tue Aug 25 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-14
a2f18f
- release 1.3.4.0-14
a2f18f
- Resolves: bug 1246389 - wrong password check if passwordInHistory is decreased. (DS 48228)
a2f18f
- Resolves: bug 1255851 - Shell CLI fails with usage errors if an argument containing white spaces is given (DS 48254)
a2f18f
- Resolves: bug 1256938 - Unable to dereference unqiemember attribute because it is dn [#UID] not dn syntax (DS 47757)
a2f18f
a2f18f
* Wed Aug 19 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-13
a2f18f
- release 1.3.4.0-13
a2f18f
- Resolves: bug 1245519 - remove debug logging from retro cl (DS 47831)
a2f18f
a2f18f
* Tue Aug 18 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-12
a2f18f
- release 1.3.4.0-12
a2f18f
- Resolves: bug 1252133 - replica upgrade failed in starting dirsrv service (DS 48243)
a2f18f
- Resolves: bug 1254344 - Server crashes in ACL_LasFindFlush during shutdown if ACIs contain IP addresss restrictions (DS 48233)
a2f18f
a2f18f
* Fri Aug 14 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-11
a2f18f
- release 1.3.4.0-11
a2f18f
- Resolves: bug 1249784 - ipa-dnskeysyncd unhandled exception on named-pkcs11 start (DS 48249)
a2f18f
- Resolves: bug 1252082 - removing chaining database links trigger valgrind read error (DS 47686)
a2f18f
- Resolves: bug 1252207 - bashisms in 389-ds-base admin scripts (DS 47511)
a2f18f
- Resolves: bug 1252533 - Man pages and help for remove-ds.pl doesn't display "-a" option (DS 48245)
a2f18f
- Resolves: bug 1252781 - Slapd crashes reported from latest builds (DS 48250)
a2f18f
a2f18f
* Mon Aug 10 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-10
a2f18f
- release 1.3.4.0-10
a2f18f
- Resolves: bug 1245519 - Fix coverity issues (DS 47931)
a2f18f
a2f18f
* Fri Aug  7 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-9
a2f18f
- release 1.3.4.0-9
a2f18f
- Resolves: bug 1240876 - verify_db.pl doesn't verify DB specified by -a option. (DS 48215)
a2f18f
- Resolves: bug 1245235 - winsync lastlogon attribute not syncing between IPA & Windows 2008. (DS 48232)
a2f18f
- Resolves: bug 1245519 - Deadlock with retrochangelog, memberof plugin (DS 47931)
a2f18f
- Resolves: bug 1246389 - wrong password check if passwordInHistory is decreased. (DS 48228)
a2f18f
- Resolves: bug 1247811 - logconv autobind handling regression caused by 47446 (DS 48231)
a2f18f
- Resolves: bug 1250177 - Investigate betxn plugins to ensure they return the correct error code (DS 47810)
a2f18f
a2f18f
* Thu Jul 23 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-8
a2f18f
- release 1.3.4.0-8
a2f18f
- Resolves: bug 1160243 - [RFE] allow logconv.pl -S/-E switches to work even when exact/same timestamps are not present in access log file (DS 47910)
a2f18f
- Resolves: bug 1172037 - winsync range retrieval gets only 5000 values upon initialization (DS 48010)
a2f18f
- Resolves: bug 1242531 - logconv.pl should handle *.tar.xz, *.txz, *.xz log files (DS 48224)
a2f18f
- Resolves: bug 1243950 - When starting a replica agreement a deadlock can occur with an op updating nsuniqueid index (DS 48179)
a2f18f
- Resolves: bug 1243970 -  In MMR, double free coould occur under some special condition (DS 48226)
a2f18f
- Resolves: bug 1244926 - Crash while triming the retro changelog (DS 48206)
a2f18f
a2f18f
* Thu Jul 16 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-7
a2f18f
- release 1.3.4.0-7
a2f18f
- Resolves: bug 1235060 - Fix coverity issues - 07/14/2015 (DS 48203)
a2f18f
- Resolves: bug 1242531 - redux - logconv.pl should handle *.tar.xz, *.txz, *.xz log files (DS 48224)
a2f18f
a2f18f
* Tue Jul 14 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-6
a2f18f
- release 1.3.4.0-6
a2f18f
- Resolves: bug 1240845 - cleanallruv should completely clean changelog (DS 48208)
a2f18f
- Resolves: bug 1095603 - Any negative LDAP error code number reported as Illegal error by ldclt. (DS 47799)
a2f18f
- Resolves: bug 1168675 - Inconsistent behaviour of DS when LDAP Sync is used with an invalid cookie (DS 48013)
a2f18f
- Resolves: bug 1241723 - cleanAllRUV hangs shutdown if not all of the replicas are online (DS 48217)
a2f18f
- Resolves: bug 1241497 - crash in ns-slapd when deleting winSyncSubtreePair from sync agreement (DS 48216)
a2f18f
- Resolves: bug 1240404 - Silent install needs to properly exit when INF file is missing (DS 48119)
a2f18f
- Resolves: bug 1240406 - Remove warning suppression in 1.3.4 (DS 47878)
a2f18f
- Resolves: bug 1242683 - Winsync fails when AD users have multiple spaces (two)inside the value of the rdn attribute (DS 48223)
a2f18f
- Resolves: bug 1160243 - logconv.pl - validate start and end time args (DS 47910)
a2f18f
- Resolves: bug 1242531 - logconv.pl should handle *.tar.xz, *.txz, *.xz log files (DS 48224)
a2f18f
- Resolves: bug 1230996 - CI test: fixing test cases for ticket 48194 (DS 48194)
a2f18f
a2f18f
* Tue Jul  7 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-5
a2f18f
- release 1.3.4.0-5
a2f18f
- Resolves: bug 1235060 - Fix coverity issues (DS 48203)
a2f18f
a2f18f
* Tue Jul  7 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-4
a2f18f
- release 1.3.4.0-4
a2f18f
- Resolves: bug 1240404 - setup-ds.pl does not log invalid --file path errors the same (DS 48119)
a2f18f
- Resolves: bug 1240406 - setup -u stops after first failure (DS 47878)
a2f18f
a2f18f
* Mon Jul  6 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-3
a2f18f
- release 1.3.4.0-3
a2f18f
- Resolves: bug 1228823 - async simple paged results issue (DS 48192)
a2f18f
- Resolves: bug 1237325 - reindex off-line twice could provoke index corruption (DS 48212)
a2f18f
- Resolves: bug 1238790 - ldapsearch on nsslapd-maxbersize returns 0 instead of current value (DS 48214)
a2f18f
a2f18f
* Wed Jun 24 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-2
a2f18f
- release 1.3.4.0-2
a2f18f
- Resolves: bug 1235060 - Fix coverity issues 
a2f18f
- Resolves: bug 1235387 - Slow replication when deleting large quantities of multi-valued attributes (DS 48195)
a2f18f
a2f18f
* Fri Jun 19 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-1
a2f18f
- Release 1.3.4.0-1 (rebase)
a2f18f
- Enable nunc-stans for x86_64.
a2f18f
- Resolves: bug 1034325 - Linked attributes betxnpreoperation - transaction not aborted when linked entry does not exit (DS 47640)
a2f18f
- Resolves: bug 1052755 - Retro Changelog Plugin accepts invalid value in nsslapd-changelogmaxage attribute (DS 47669)
a2f18f
- Resolves: bug 1096409 - RHDS keeps on logging write_changelog_and_ruv: failed to update RUV for unknown (DS 47801)
a2f18f
- Resolves: bug 1145378 - Adding an entry with an invalid password as rootDN is incorrectly rejected (DS 47900)
a2f18f
- Resolves: bug 1145382 - Bad manipulation of passwordhistory (DS 47905)
a2f18f
- Resolves: bug 1154147 - Uniqueness plugin: should allow to exclude some subtrees from its scope (DS 47927)
a2f18f
- Resolves: bug 1171358 - Make ReplicaWaitForAsyncResults configurable (DS 47957)
a2f18f
- Resolves: bug 1171663 - MODDN fails when entry doesn't have memberOf attribute and new DN is in the scope of memberOfExcludeSubtree (DS 47526)
a2f18f
- Resolves: bug 1174457 - [RFE] memberOf - add option to skip nested group lookups during delete operations (DS 47963)
a2f18f
- Resolves: bug 1178640 - db2bak.pl man page should be improved. (DS 48008)
a2f18f
- Resolves: bug 1179370 - COS cache doesn't properly mark vattr cache as invalid when there are multiple suffixes (DS 47981)
a2f18f
- Resolves: bug 1180331 - Local Password Policies for Nested OU's not honoured (DS 47980)
a2f18f
- Resolves: bug 1180776 - nsslapd-db-locks modify not taking into account (DS 47934)
a2f18f
- Resolves: bug 1181341 - nsslapd-changelogtrim-interval and nsslapd-changelogcompactdb-interval are not validated (DS 47617)
a2f18f
- Resolves: bug 1185882 - ns-activate.pl fails to activate account if it was disabled on AD (DS 48001)
a2f18f
- Resolves: bug 1186548 - ns-slapd crash in shutdown phase (DS 48005)
a2f18f
- Resolves: bug 1189154 - DNS errors after IPA upgrade due to broken ReplSync (DS 48030)
a2f18f
- Resolves: bug 1206309 - winsync sets AccountUserControl in AD to 544 (DS 47723)
a2f18f
- Resolves: bug 1210845 - slapd crashes during Dogtag clone reinstallation (DS 47966)
a2f18f
- Resolves: bug 1210850 - add an option '-u' to dbgen.pl for adding group entries with (DS 48025)
a2f18f
- Resolves: bug 1210852 - aci with wildcard and macro not correctly evaluated (DS 48141)
a2f18f
a2f18f
* Fri Jun 12 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-19
df9752
- release 1.3.3.1-19
a2f18f
- Resolves: bug 1230996 - nsSSL3Ciphers preference not enforced server side (DS 48194)
df9752
a2f18f
* Fri Jun  5 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-18
df9752
- release 1.3.3.1-18
a2f18f
- Resolves: bug 1228823 - async simple paged results issue (DS 48146, DS 48192)
df9752
a2f18f
* Tue Jun  2 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-17
df9752
- release 1.3.3.1-17
a2f18f
- Resolves: bug 1226510 - idm/ipa 389-ds-base entry cache converges to 500 KB in dblayer_is_cachesize_sane (DS 48190)
df9752
309aa9
* Tue Apr 21 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-16
309aa9
- release 1.3.3.1-16
309aa9
- Resolves: bug 1212894 - CVE-2015-1854 389ds-base: access control bypass with modrdn
309aa9
309aa9
* Mon Feb 23 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-15
309aa9
- release 1.3.3.1-15
309aa9
- Setting correct build tag 'rhel-7.1-z-candidate'
309aa9
309aa9
* Mon Feb 23 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-14
309aa9
- release 1.3.3.1-14
309aa9
- Resolves: bug 1189154 - DNS errors after IPA upgrade due to broken ReplSync (DS 48030)
309aa9
            Fixes spec file to make sure all the server instances are stopped before upgrade
309aa9
- Resolves: bug 1186548 - ns-slapd crash in shutdown phase (DS 48005)
309aa9
f92ce9
* Sun Jan 25 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-13
f92ce9
- release 1.3.3.1-13
f92ce9
- Resolves: bug 1183655 - Fixed Covscan FORWARD_NULL defects (DS 47988)
f92ce9
f92ce9
* Sun Jan 25 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-12
f92ce9
- release 1.3.3.1-12
f92ce9
- Resolves: bug 1182477 - Windows Sync accidentally cleared raw_entry (DS 47989)
f92ce9
- Resolves: bug 1180325 - upgrade script fails if /etc and /var are on different file systems (DS 47991 )
f92ce9
- Resolves: bug 1183655 - Schema learning mechanism, in replication, unable to extend an existing definition (DS 47988)
f92ce9
f92ce9
* Mon Jan  5 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-11
f92ce9
- release 1.3.3.1-11
f92ce9
- Resolves: bug 1080186 - During delete operation do not refresh cache entry if it is a tombstone (DS 47750)
f92ce9
f92ce9
* Wed Dec 17 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-10
f92ce9
- release 1.3.3.1-10
f92ce9
- Resolves: bug 1172731 - CVE-2014-8112 password hashing bypassed when "nsslapd-unhashed-pw-switch" is set to off 
f92ce9
- Resolves: bug 1166265 - DS hangs during online total update (DS 47942)
f92ce9
- Resolves: bug 1168151 - CVE-2014-8105 information disclosure through 'cn=changelog' subtree
f92ce9
- Resolves: bug 1044170 - Allow memberOf suffixes to be configurable (DS 47526)
f92ce9
- Resolves: bug 1171356 - Bind DN tracking unable to write to internalModifiersName without special permissions (DS 47950)
f92ce9
- Resolves: bug 1153737 - logconv.pl -- support parsing/showing/reporting different protocol versions (DS 47949)
f92ce9
- Resolves: bug 1171355 - start dirsrv after chrony on RHEL7 and Fedora (DS 47947)
f92ce9
- Resolves: bug 1170707 - cos_cache_build_definition_list does not stop during server shutdown (DS 47967)
f92ce9
- Resolves: bug 1170708 - COS memory leak when rebuilding the cache (DS - Ticket 47969)
f92ce9
- Resolves: bug 1170709 - Account lockout attributes incorrectly updated after failed SASL Bind (DS 47970)
f92ce9
- Resolves: bug 1166260 - cookie_change_info returns random negative number if there was no change in a tree (DS 47960)
f92ce9
- Resolves: bug 1012991 - Error log levels not displayed correctly (DS 47636)
f92ce9
- Resolves: bug 1108881 - rsearch filter error on any search filter (DS 47722)
f92ce9
- Resolves: bug 994690  - Allow dynamically adding/enabling/disabling/removing plugins without requiring a server restart (DS 47451)
f92ce9
- Resolves: bug 1162997 - Running a plugin task can crash the server (DS 47451)
f92ce9
- Resolves: bug 1166252 - RHEL7.1 ns-slapd segfault when ipa-replica-install restarts (DS 47451)
f92ce9
- Resolves: bug 1172597 - Crash if setting invalid plugin config area for MemberOf Plugin (DS 47525)
f92ce9
- Resolves: bug 1139882 - coverity defects found in 1.3.3.x (DS 47965)
f92ce9
		    
f92ce9
* Thu Nov 13 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-9
f92ce9
- release 1.3.3.1-9
f92ce9
- Resolves: bug 1153737 - Disable SSL v3, by default. (DS 47928)
f92ce9
- Resolves: bug 1163461 - Should not check aci syntax when deleting an aci (DS 47953)
f92ce9
f92ce9
* Mon Nov 10 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-8
f92ce9
- release 1.3.3.1-8
f92ce9
- Resolves: bug 1156607 - Crash in entry_add_present_values_wsi_multi_valued (DS 47937)
f92ce9
- Resolves: bug 1153737 - Disable SSL v3, by default (DS 47928, DS 47945, DS 47948)
f92ce9
- Resolves: bug 1158804 - Malformed cookie for LDAP Sync makes DS crash (DS 47939)
f92ce9
f92ce9
* Thu Oct 23 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-7
f92ce9
- release 1.3.3.1-7
f92ce9
- Resolves: bug 1153737 - Disable SSL v3, by default (DS 47928)
f92ce9
f92ce9
* Fri Oct 10 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-6
f92ce9
- release 1.3.3.1-6
f92ce9
- Resolves: bug 1151287 - dynamically added macro aci is not evaluated on the fly (DS 47922)
f92ce9
- Resolves: bug 1080186 - Need to move slapi_pblock_set(pb, SLAPI_MODRDN_EXISTING_ENTRY, original_entry->ep_entry) prior to original_entry overwritten (DS 47897)
f92ce9
- Resolves: bug 1150694 - Encoding of SearchResultEntry is missing tag (DS 47920)
f92ce9
- Resolves: bug 1150695 - ldbm_back_modify SLAPI_PLUGIN_BE_PRE_MODIFY_FN does not return even if one of the preop plugins fails. (DS 47919)
f92ce9
- Resolves: bug 1139882 - Fix remaining compiler warnings (DS 47892)
f92ce9
- Resolves: bug 1150206 - result of dna_dn_is_shared_config is incorrectly used (DS 47918)
f92ce9
f92ce9
* Wed Oct  1 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-5
f92ce9
- release 1.3.3.1-5
f92ce9
- Resolves: bug 1139882 - coverity defects found in 1.3.3.x (DS 47892)
f92ce9
f92ce9
* Wed Oct  1 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-4
f92ce9
- release 1.3.3.1-4
f92ce9
- Resolves: bug 1080186 - Creating a glue fails if one above level is a conflict or missing  (DS 47750)
f92ce9
- Resolves: bug 1145846 - 389-ds 1.3.3.0 does not adjust cipher suite configuration on upgrade, breaks itself and pki-server (DS 47908)
f92ce9
- Resolves: bug 1117979 - harden the list of ciphers available by default (phase 2) (DS 47838)
f92ce9
                        - provide enabled ciphers as search result (DS 47880)
f92ce9
f92ce9
* Fri Sep 12 2014 Rich Megginson <nhosoi@redhat.com> - 1.3.3.1-3
f92ce9
- release 1.3.3.1-3
f92ce9
- Resolves: bug 1139882 - coverity defects found in 1.3.3.1
f92ce9
f92ce9
* Thu Sep 11 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-2
f92ce9
- release 1.3.3.1-2
f92ce9
- Resolves: bug 1079099 - Simultaneous adding a user and binding as the user could fail in the password policy check (DS 47748)
f92ce9
- Resolves: bug 1080186 - Creating a glue fails if one above level is a conflict or missing (DS 47834)
f92ce9
- Resolves: bug 1139882 - coverity defects found in 1.3.3.1 (DS 47890)
f92ce9
- Resolves: bug 1112702 - Broken dereference control with the FreeIPA 4.0 ACIs (DS 47885 - deref plugin should not return references with noc access rights)
f92ce9
- Resolves: bug 1117979 - harden the list of ciphers available by default (DS 47838, DS 47895)
f92ce9
- Resolves: bug 1080186 - Creating a glue fails if one above level is a conflict or missing (DS 47889 - DS crashed during ipa-server-install on test_ava_filter)
f92ce9
f92ce9
* Fri Sep  5 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-1
f92ce9
- release 1.3.3.1-1
f92ce9
- Resolves: bug 746646 - RFE: easy way to configure which users and groups to sync with winsync
f92ce9
- Resolves: bug 881372 - nsDS5BeginReplicaRefresh attribute accepts any value and it doesn't throw any error when server restarts.
f92ce9
- Resolves: bug 920597 - Possible to add invalid ACI value
f92ce9
- Resolves: bug 921162 - Possible to add nonexistent target to ACI
f92ce9
- Resolves: bug 923799 - if nsslapd-cachememsize set to the number larger than the RAM available, should result in proper error message.
f92ce9
- Resolves: bug 924937 - Attribute "dsOnlyMemberUid" not allowed when syncing nested posix groups from AD with posixWinsync
f92ce9
- Resolves: bug 951754 - Self entry access ACI not working properly
f92ce9
- Resolves: bug 952517 - Dirsrv instance failed to start with Segmentation fault (core dump) after modifying 7-bit check plugin
f92ce9
- Resolves: bug 952682 - nsslapd-db-transaction-batch-val turns to -1
f92ce9
- Resolves: bug 966443 - Plugin library path validation
f92ce9
- Resolves: bug 975176 - Non-directory manager can change the individual userPassword's storage scheme
f92ce9
- Resolves: bug 979465 - IPA replica's - "SASL encrypted packet length exceeds maximum allowed limit"
f92ce9
- Resolves: bug 982597 - Some attributes in cn=config should not be multivalued
f92ce9
- Resolves: bug 987009 - 389-ds-base - shebang with /usr/bin/env
f92ce9
- Resolves: bug 994690 - RFE: Allow dynamically adding/enabling/disabling/removing plugins without requiring a server restart
f92ce9
- Resolves: bug 1012991 - errorlog-level 16384 is listed as 0 in cn=config
f92ce9
- Resolves: bug 1013736 - Enabling/Disabling DNA plug-in throws "ldap_modify: Server Unwilling to Perform (53)" error
f92ce9
- Resolves: bug 1014380 - setup-ds.pl doesn't lookup the "root" group correctly
f92ce9
- Resolves: bug 1020459 - rsa_null_sha should not be enabled by default
f92ce9
- Resolves: bug 1024541 - start dirsrv after ntpd
f92ce9
- Resolves: bug 1029959 - Managed Entries betxnpreoperation - transaction not aborted upon failure to create managed entry
f92ce9
- Resolves: bug 1031216 - add dbmon.sh
f92ce9
- Resolves: bug 1044133 - Indexed search with filter containing '&' and "!" with attribute subtypes gives wrong result
f92ce9
- Resolves: bug 1044134 - should set LDAP_OPT_X_SASL_NOCANON to LDAP_OPT_ON by default
f92ce9
- Resolves: bug 1044135 - make connection buffer size adjustable
f92ce9
- Resolves: bug 1044137 - posix winsync should support ADD user/group entries from DS to AD
f92ce9
- Resolves: bug 1044138 - mep_pre_op: Unable to fetch origin entry
f92ce9
- Resolves: bug 1044139 - [RFE] Support RFC 4527 Read Entry Controls
f92ce9
- Resolves: bug 1044140 - Allow search to look up 'in memory RUV'
f92ce9
- Resolves: bug 1044141 - MMR stress test with dna enabled causes a deadlock
f92ce9
- Resolves: bug 1044142 - winsync doesn't sync DN valued attributes if DS DN value doesn't exist
f92ce9
- Resolves: bug 1044143 - modrdn + NSMMReplicationPlugin - Consumer failed to replay change
f92ce9
- Resolves: bug 1044144 - resurrected entry is not correctly indexed
f92ce9
- Resolves: bug 1044146 - Add a warning message when a connection hits the max number of threads
f92ce9
- Resolves: bug 1044147 - 7-bit check plugin does not work for userpassword attribute
f92ce9
- Resolves: bug 1044148 - The backend name provided to bak2db is not validated
f92ce9
- Resolves: bug 1044149 - Winsync should support range retrieval
f92ce9
- Resolves: bug 1044150 - 7-bit checking is not necessary for userPassword
f92ce9
- Resolves: bug 1044151 - With SeLinux, ports can be labelled per range. setup-ds.pl or setup-ds-admin.pl fail to detect already ranged labelled ports
f92ce9
- Resolves: bug 1044152 - ChainOnUpdate: "cn=directory manager" can modify userRoot on consumer without changes being chained or replicated. Directory integrity compromised.
f92ce9
- Resolves: bug 1044153 - mods optimizer
f92ce9
- Resolves: bug 1044154 - multi master replication allows schema violation
f92ce9
- Resolves: bug 1044156 - DS crashes with some 7-bit check plugin configurations
f92ce9
- Resolves: bug 1044157 - Some updates of "passwordgraceusertime" are useless when updating "userpassword"
f92ce9
- Resolves: bug 1044159 - [RFE] Support 'Content Synchronization Operation' (SyncRepl) - RFC 4533
f92ce9
- Resolves: bug 1044160 - remove-ds.pl should remove /var/lock/dirsrv
f92ce9
- Resolves: bug 1044162 - enhance retro changelog
f92ce9
- Resolves: bug 1044163 - updates to ruv entry are written to retro changelog
f92ce9
- Resolves: bug 1044164 - Password administrators should be able to violate password policy
f92ce9
- Resolves: bug 1044168 - Schema replication between DS versions may overwrite newer base schema
f92ce9
- Resolves: bug 1044169 - ACIs do not allow attribute subtypes in targetattr keyword
f92ce9
- Resolves: bug 1044170 - Allow memberOf suffixes to be configurable
f92ce9
- Resolves: bug 1044171 - Allow referential integrity suffixes to be configurable
f92ce9
- Resolves: bug 1044172 - Plugin library path validation prevents intentional loading of out-of-tree modules
f92ce9
- Resolves: bug 1044173 - make referential integrity configuration more flexible
f92ce9
- Resolves: bug 1044177 - allow configuring changelog trim interval
f92ce9
- Resolves: bug 1044179 - objectclass may, must lists skip rest of objectclass once first is found in sup
f92ce9
- Resolves: bug 1044180 - memberOf on a user is converted to lowercase
f92ce9
- Resolves: bug 1044181 - report unindexed internal searches
f92ce9
- Resolves: bug 1044183 - With 1.3.04 and subtree-renaming OFF, when a user is deleted after restarting the server, the same entry can't be added
f92ce9
- Resolves: bug 1044185 - dbscan on entryrdn should show all matching values
f92ce9
- Resolves: bug 1044187 - logconv.pl - RFE - add on option for a minimum etime for unindexed search stats
f92ce9
- Resolves: bug 1044188 - Recognize compressed log files
f92ce9
- Resolves: bug 1044191 - support TLSv1.1 and TLSv1.2, if supported by NSS
f92ce9
- Resolves: bug 1044193 - default nsslapd-sasl-max-buffer-size should be 2MB
f92ce9
- Resolves: bug 1044194 - Complex filter in a search request doen't work as expected.
f92ce9
- Resolves: bug 1044196 - Automember plug-in should treat MODRDN operations as ADD operations
f92ce9
- Resolves: bug 1044198 - Replication of the schema may overwrite consumer 'attributetypes' even if consumer definition is a superset
f92ce9
- Resolves: bug 1044202 - db2bak.pl issue when specifying non-default directory
f92ce9
- Resolves: bug 1044203 - Allow referint plugin to use an alternate config area
f92ce9
- Resolves: bug 1044205 - Allow memberOf to use an alternate config area
f92ce9
- Resolves: bug 1044210 - idl switch does not work
f92ce9
- Resolves: bug 1044211 - make old-idl tunable
f92ce9
- Resolves: bug 1044212 - IDL-style can become mismatched during partial restoration
f92ce9
- Resolves: bug 1044213 - backend performance - introduce optimization levels
f92ce9
- Resolves: bug 1044215 - using transaction batchval violates durability
f92ce9
- Resolves: bug 1044216 - examine replication code to reduce amount of stored state information
f92ce9
- Resolves: bug 1048980 - 7-bit check plugin not checking MODRDN operation
f92ce9
- Resolves: bug 1049030 - Windows Sync group issues
f92ce9
- Resolves: bug 1052751 - Page control does not work if effective rights control is specified
f92ce9
- Resolves: bug 1052754 - Allow nsDS5ReplicaBindDN to be a group DN
f92ce9
- Resolves: bug 1057803 - logconv errors when search has invalid bind dn
f92ce9
- Resolves: bug 1060032 - [RFE] Update lastLoginTime also in Account Policy plugin if account lockout is based on passwordExpirationTime.
f92ce9
- Resolves: bug 1061060 - betxn: retro changelog broken after cancelled transaction
f92ce9
- Resolves: bug 1061572 - improve dbgen rdn generation, output and man page.
f92ce9
- Resolves: bug 1063990 - single valued attribute replicated ADD does not work
f92ce9
- Resolves: bug 1064006 - Size returned by slapi_entry_size is not accurate
f92ce9
- Resolves: bug 1064986 - Replication retry time attributes cannot be added
f92ce9
- Resolves: bug 1067090 - Missing warning for invalid replica backoff configuration
f92ce9
- Resolves: bug 1072032 - Updating nsds5ReplicaHost attribute in a replication agreement fails with error 53
f92ce9
- Resolves: bug 1074306 - Under heavy stress, failure of turning a tombstone into glue makes the server hung
f92ce9
- Resolves: bug 1074447 - Part of DNA shared configuration is deleted after server restart
f92ce9
- Resolves: bug 1076729 - Continuous add/delete of an entry in MMR setup causes entryrdn-index conflict
f92ce9
- Resolves: bug 1077884 - ldap/servers/slapd/back-ldbm/dblayer.c: possible minor problem with sscanf
f92ce9
- Resolves: bug 1077897 - Memory leak with proxy auth control
f92ce9
- Resolves: bug 1079099 - Simultaneous adding a user and binding as the user could fail in the password policy check
f92ce9
- Resolves: bug 1080186 - Creating a glue fails if one above level is a conflict or missing
f92ce9
- Resolves: bug 1082967 - attribute uniqueness plugin fails when set as a chaining component
f92ce9
- Resolves: bug 1085011 - Directory Server crash reported from reliab15 execution
f92ce9
- Resolves: bug 1086890 - empty modify returns LDAP_INVALID_DN_SYNTAX
f92ce9
- Resolves: bug 1086902 - mem leak in do_bind when there is an error
f92ce9
- Resolves: bug 1086904 - mem leak in do_search - rawbase not freed upon certain errors
f92ce9
- Resolves: bug 1086908 - Performing deletes during tombstone purging results in operation errors
f92ce9
- Resolves: bug 1090178 - #481 breaks possibility to reassemble memberuid list
f92ce9
- Resolves: bug 1092099 - A replicated MOD fails (Unwilling to perform) if it targets a tombstone
f92ce9
- Resolves: bug 1092342 - nsslapd-ndn-cache-max-size accepts any invalid value.
f92ce9
- Resolves: bug 1092648 - Negative value of nsSaslMapPriority is not reset to lowest priority
f92ce9
- Resolves: bug 1097004 - Problem with deletion while replicated
f92ce9
- Resolves: bug 1098654 - db2bak.pl error with changelogdb
f92ce9
- Resolves: bug 1099654 - Normalization from old DN format to New DN format doesnt handel condition properly when there is space in a suffix after the seperator operator.
f92ce9
- Resolves: bug 1108405 - find a way to remove replication plugin errors messages "changelog iteration code returned a dummy entry with csn %s, skipping ..."
f92ce9
- Resolves: bug 1108407 - managed entry plugin fails to update managed entry pointer on modrdn operation
f92ce9
- Resolves: bug 1108865 - memory leak in ldapsearch filter objectclass=*
f92ce9
- Resolves: bug 1108870 - ACI warnings in error log
f92ce9
- Resolves: bug 1108872 - Logconv.pl with an empty access log gives lots of errors
f92ce9
- Resolves: bug 1108874 - logconv.pl memory continually grows
f92ce9
- Resolves: bug 1108881 - rsearch filter error on any search filter
f92ce9
- Resolves: bug 1108895 - [RFE - RHDS9] CLI report to monitor replication
f92ce9
- Resolves: bug 1108902 - rhds91 389-ds-base-1.2.11.15-31.el6_5.x86_64 crash in db4 __dbc_get_pp env = 0x0 ?
f92ce9
- Resolves: bug 1108909 - single valued attribute replicated ADD does not work
f92ce9
- Resolves: bug 1109334 - 389 Server crashes if uniqueMember is invalid syntax and memberOf plugin is enabled.
f92ce9
- Resolves: bug 1109336 - Parent numsubordinate count can be incorrectly updated if an error occurs
f92ce9
- Resolves: bug 1109339 - Nested tombstones become orphaned after purge
f92ce9
- Resolves: bug 1109354 - Tombstone purging can crash the server if the backend is stopped/disabled
f92ce9
- Resolves: bug 1109357 - Coverity issue in 1.3.3
f92ce9
- Resolves: bug 1109364 - valgrind - value mem leaks, uninit mem usage
f92ce9
- Resolves: bug 1109375 - provide default syntax plugin
f92ce9
- Resolves: bug 1109378 - Environment variables are not passed when DS is started via service
f92ce9
- Resolves: bug 1111364 - Updating winsync one-way sync does not affect the behaviour dynamically
f92ce9
- Resolves: bug 1112824 - Broken dereference control with the FreeIPA 4.0 ACIs
f92ce9
- Resolves: bug 1113605 - server restart wipes out index config if there is a default index
f92ce9
- Resolves: bug 1115177 - attrcrypt_generate_key calls slapd_pk11_TokenKeyGenWithFlags with improper macro
f92ce9
- Resolves: bug 1117021 - Server deadlock if online import started while server is under load
f92ce9
- Resolves: bug 1117975 - paged results control is not working in some cases when we have a subsuffix.
f92ce9
- Resolves: bug 1117979 - harden the list of ciphers available by default
f92ce9
- Resolves: bug 1117981 - Fix various typos in manpages & code
f92ce9
- Resolves: bug 1117982 - Fix hyphens used as minus signed and other manpage mistakes
f92ce9
- Resolves: bug 1118002 - server crashes deleting a replication agreement
f92ce9
- Resolves: bug 1118006 - RFE - forcing passwordmustchange attribute by non-cn=directory manager
f92ce9
- Resolves: bug 1118007 - [RFE] Make it possible for privileges to be provided to an admin user to import an LDIF file containing hashed passwords
f92ce9
- Resolves: bug 1118014 - Enhance ACIs to have more control over MODRDN operations
f92ce9
- Resolves: bug 1118021 - Return all attributes in rootdse without explicit request
f92ce9
- Resolves: bug 1118025 - Slow ldapmodify operation time for large quantities of multi-valued attribute values
f92ce9
- Resolves: bug 1118032 - Schema Replication Issue
f92ce9
- Resolves: bug 1118034 - 389 DS Server crashes and dies while handles paged searches from clients
f92ce9
- Resolves: bug 1118043 - Failed deletion of aci: no such attribute
f92ce9
- Resolves: bug 1118048 - If be_txn plugin fails in ldbm_back_add, adding entry is double freed.
f92ce9
- Resolves: bug 1118051 - Add switch to disable pre-hashed password checking
f92ce9
- Resolves: bug 1118054 - Make ldbm_back_seq independently support transactions
f92ce9
- Resolves: bug 1118055 - Add operations rejected by betxn plugins remain in cache
f92ce9
- Resolves: bug 1118057 - online import crashes server if using verbose error logging
f92ce9
- Resolves: bug 1118059 - add fixup-memberuid.pl script
f92ce9
- Resolves: bug 1118060 - winsync plugin modify is broken
f92ce9
- Resolves: bug 1118066 - memberof scope: allow to exclude subtrees
f92ce9
- Resolves: bug 1118069 - 389-ds production segfault: __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:144
f92ce9
- Resolves: bug 1118074_DELETE_FN - plugin returned error" messages
f92ce9
- Resolves: bug 1118076 - ds logs many "Operation error fetching Null DN" messages
f92ce9
- Resolves: bug 1118077 - Improve import logging and abort handling
f92ce9
- Resolves: bug 1118079 - Multi master replication initialization incomplete after restore of one master
f92ce9
- Resolves: bug 1118080 - Don't add unhashed password mod if we don't have an unhashed value
f92ce9
- Resolves: bug 1118081 - Investigate betxn plugins to ensure they return the correct error code
f92ce9
- Resolves: bug 1118082 - The error result text message should be obtained just prior to sending result
f92ce9
- Resolves: bug 1123865 - CVE-2014-3562 389-ds-base: 389-ds: unauthenticated information disclosure [rhel-7.1] 
f92ce9
f92ce9
* Fri May  2 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-26
5bd817
- release 1.3.1.6-26
f92ce9
- Resolves: bug 1085011 - Directory Server crash reported from reliab15 execution (Ticket 346)
5bd817
f92ce9
* Mon Mar 31 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-25
cc3dff
- release 1.3.1.6-25
cc3dff
- Resolves: bug 1082740 - ns-slapd crash in reliability 15
cc3dff
cc3dff
* Thu Mar 13 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-24
cc3dff
- release 1.3.1.6-24
cc3dff
- Resolves: bug 1074084 - e_uniqueid fails to set if an entry is a conflict entry (Ticket 47735); regression - sub-type length in attribute type was mistakenly subtracted.
cc3dff
cc3dff
* Tue Mar 11 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-23
cc3dff
- Resolves: bug 1074850 - EMBARGOED CVE-2014-0132 389-ds-base: 389-ds: flaw in parsing authzid can lead to privilege escalation [rhel-7.0] (Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind) (Added 0095-Ticket-47739-directory-server-is-insecurely-misinter.patch)
cc3dff
f92ce9
  Tue Mar 11 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-23
cc3dff
- release 1.3.1.6-22
cc3dff
- Resolves: bug 1074850 - EMBARGOED CVE-2014-0132 389-ds-base: 389-ds: flaw in parsing authzid can lead to privilege escalation [rhel-7.0] (Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind)
cc3dff
cc3dff
* Mon Mar 10 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-22
cc3dff
- release 1.3.1.6-22
cc3dff
- Resolves: bug 1074084 - e_uniqueid fails to set if an entry is a conflict entry (Ticket 47735)
cc3dff
cc3dff
* Tue Feb 25 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-21
cc3dff
- release 1.3.1.6-21
cc3dff
- Resolves: bug 918694 - Fix covscan defect FORWARD_NULL (Ticket 408)
cc3dff
- Resolves: bug 918717 - Fix covscan defect COMPILER WARNINGS (Ticket 571)
cc3dff
cc3dff
* Tue Feb 25 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-20
cc3dff
- release 1.3.1.6-20
cc3dff
- Resolves: bug 1065242 - 389-ds-base, conflict occurs at yum installation if multilib_policy=all. (Ticket 47709)
cc3dff
cc3dff
* Tue Feb 18 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-19
cc3dff
- release 1.3.1.6-19
cc3dff
- Resolves: bug 1065971 - Enrolling a host into IdM/IPA always takes two attempts (Ticket 47704)
cc3dff
cc3dff
* Mon Feb  3 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-18
cc3dff
- release 1.3.1.6-18
cc3dff
- Resolves: bug 838656 - logconv.pl tool removes the access logs contents if "-M" is not correctly used (Ticket 471)
cc3dff
- Resolves: bug 922538 - improve dbgen rdn generation, output (Ticket 47374)
cc3dff
- Resolves: bug 970750 - flush.pl is not included in perl5 (Ticket 47374)
cc3dff
- Resolves: bug 1013898 - Fix various issues with logconv.pl (Ticket 471)
cc3dff
cc3dff
* Wed Jan 29 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-17
cc3dff
- release 1.3.1.6-17
cc3dff
- Resolves: bug 853106 - Deleting attribute present in nsslapd-allowed-to-delete-attrs returns Operations error (Ticket 443)
cc3dff
- Resolves: bug 1049525 - Server hangs in cos_cache when adding a user entry (Ticket 47649)
cc3dff
    
cc3dff
* Wed Jan 29 2014 Daniel Mach <dmach@redhat.com> - 1.3.1.6-16
cc3dff
- Mass rebuild 2014-01-24
cc3dff
cc3dff
* Tue Jan 21 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-15
cc3dff
- release 1.3.1.6-15
cc3dff
- Resolves: bug 918702 -  better error message when cache overflows (Ticket 342)
cc3dff
- Resolves: bug 1009679 - replication stops with excessive clock skew (Ticket 47516)
cc3dff
- Resolves: bug 1042855 - Unable to delete protocol timeout attribute (Ticket 47620)
cc3dff
- Resolves: bug 918694 - Fix crash when disabling/enabling the setting (Ticket 408)
cc3dff
- Resolves: bug 853355 - config_set_allowed_to_delete_attrs: Valgrind reports Invalid read (Ticket 47660)
cc3dff
cc3dff
* Wed Jan  8 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-14
cc3dff
- release 1.3.1.6-14
cc3dff
- Resolves: bug 853355 - Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs (Ticket 447) 
cc3dff
- Resolves: bug 1034739 - Impossible to configure nsslapd-allowed-sasl-mechanisms (Ticket 47613)
cc3dff
- Resolves: bug 1038639 - 389-ds rejects nsds5ReplicaProtocolTimeout attribut; Fix logically dead code; Fix dereferenced NULL pointer in agmtlist_modify_callback(); Fix missing left brackete (Ticket 47620)
cc3dff
- Resolves: bug 1042855 - nsds5ReplicaProtocolTimeout attribute is not validated when added to replication agreement; Config value validation improvement (Ticket 47620)
cc3dff
- Resolves: bug 918717 - server does not accept 0 length LDAP Control sequence (Ticket 571)
cc3dff
- Resolves: bug 1034902 - replica init/bulk import errors should be more verbose (Ticket 47606)
cc3dff
- Resolves: bug 1044219 - fix memleak caused by 47347 (Ticket 47623)
cc3dff
- Resolves: bug 1049522 - Crash after replica is installed; Fix cherry-pick error for 1.3.2 and 1.3.1 (Ticket 47620)
cc3dff
- Resolves: bug 1049568 - changelog iteration should ignore cleaned rids when getting the minCSN (Ticket 47627) 
cc3dff
cc3dff
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.3.1.6-13
cc3dff
- Mass rebuild 2013-12-27
cc3dff
cc3dff
* Tue Dec 10 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-12
cc3dff
- release 1.3.1.6-12
cc3dff
- Resolves: bug 1038639 - 389-ds rejects nsds5ReplicaProtocolTimeout attribute (Ticket 47620)
cc3dff
- Resolves: bug 1034898 - automember plugin task memory leaks (Ticket 47592)
cc3dff
- Resolves: bug 1034451 - Possible to specify invalid SASL mechanism in nsslapd-allowed-sasl-mechanisms (Ticket 47614)
cc3dff
- Resolves: bug 1032318 - entries with empty objectclass attribute value can be hidden (Ticket 47591)
cc3dff
- Resolves: bug 1032316 - attrcrypt fails to find unlocked key (Ticket 47596)
cc3dff
- Resolves: bug 1031227 - Reduce lock scope in retro changelog plug-in (Ticket 47599)
cc3dff
- Resolves: bug 1031226 - Convert ldbm_back_seq code to be transaction aware (Ticket 47598)
cc3dff
- Resolves: bug 1031225 - Convert retro changelog plug-in to betxn (Ticket 47597)
cc3dff
- Resolves: bug 1031223 - hard coded limit of 64 masters in agreement and changelog code (Ticket 47587)
cc3dff
- Resolves: bug 1034739 - Impossible to configure nsslapd-allowed-sasl-mechanisms (Ticket 47613)
cc3dff
- Resolves: bug 1035824 - Automember betxnpreoperation - transaction not aborted when group entry does not exist (Ticket 47622)
cc3dff
cc3dff
* Thu Nov 21 2013 Rich Megginson <rmeggins@redhat.com> - 1.3.1.6-11
cc3dff
- Resolves: bug 1024979 - CVE-2013-4485 389-ds-base: DoS due to improper handling of ger attr searches
cc3dff
ba46c7
* Tue Nov 12 2013 Rich Megginson <rmeggins@redhat.com> - 1.3.1.6-10
ba46c7
- release 1.3.1.6-10
ba46c7
- Resolves: bug 1018893 DS91: ns-slapd stuck in DS_Sleep
ba46c7
-     had to revert earlier change - does not work and breaks ipa
ba46c7
ba46c7
* Tue Nov 12 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-9
ba46c7
- release 1.3.1.6-9
ba46c7
- Resolves: bug 1028440 - Winsync replica initialization and incremental updates from DS to AD fails on RHEL
ba46c7
- Resolves: bug 1027502 - Replication Failures related to skipped entries due to cleaned rids
ba46c7
- Resolves: bug 1027047 - Winsync plugin segfault during incremental backoff
ba46c7
ba46c7
* Wed Nov  6 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-8
ba46c7
- release 1.3.1.6-8
ba46c7
- Resolves: bug 971111 - DNA plugin failed to fetch replication agreement 
ba46c7
- Resolves: bug 1026931 - 1.2.11.29 crash when removing entries from cache
ba46c7
ba46c7
* Mon Oct 21 2013 Rich Megginson <rmeggins@redhat.com> - 1.3.1.6-7
ba46c7
- Resolves: bug 1018893 DS91: ns-slapd stuck in DS_Sleep
ba46c7
- Resolves: bug 1018914 fixup memberof task does not work: task entry not added 
ba46c7
ba46c7
* Fri Oct 11 2013 Rich Megginson <rmeggins@redhat.com> - 1.3.1.6-6
ba46c7
- Resolves: bug 1013900 - logconv: some stats do not work across server restarts
ba46c7
-  previous patch introduced regressions
ba46c7
-  fixed by c2eced0 ticket #47550 and e2a880b Ticket #47550 and 8b10f83 Ticket #47551
ba46c7
- Resolves: bug 1008610 - tmpfiles.d references /var/lock when they should reference /run/lock
ba46c7
-  previous patch not complete, fixed by a11be5c Ticket 47513
ba46c7
- Resolves: bug 1016749 - DS crashes when "cn=Directory Manager" is changing it's password
ba46c7
-  cherry picked upstream f786600 Ticket 47329 and b67e230 Coverity Fixes
ba46c7
- Resolves: bug 1015252 locale "nl" not supported by collation plugin
ba46c7
- Resolves: bug 1016317 Need to update supported locales
ba46c7
- Resolves: bug 1016722 memory leak in range searches
ba46c7
ba46c7
* Tue Oct  1 2013 Rich Megginson <rmeggins@redhat.com> - 1.3.1.6-5
ba46c7
- Resolves: bug 1013896 - logconv.pl - Use of comma-less variable list is deprecated
ba46c7
- Resolves: bug 1008256 - backend txn plugin fixup tasks should be done in a txn
ba46c7
- Resolves: bug 1013738 - CLEANALLRUV doesnt run across all replicas
ba46c7
- Resolves: bug 1011220 - PassSync removes User must change password flag on the Windows side
ba46c7
- Resolves: bug 1008610 - tmpfiles.d references /var/lock when they should reference /run/lock
ba46c7
- Resolves: bug 1012125 - Set up replcation/agreement before initializing the sub suffix, the sub suffix is not found by ldapsearch
ba46c7
- Resolves: bug 1013063 - RUV tombstone search with scope "one" doesn`t work
ba46c7
- Resolves: bug 1013893 - Indexed search are logged with 'notes=U' in the access logs
ba46c7
- Resolves: bug 1013894 - improve logconv.pl performance with large access logs
ba46c7
- Resolves: bug 1013898 - Fix various issues with logconv.pl
ba46c7
- Resolves: bug 1013897 - logconv.pl uses /var/tmp for BDB temp files
ba46c7
- Resolves: bug 1013900 - logconv: some stats do not work across server restarts
ba46c7
- Resolves: bug 1014354 - Coverity fixes - 12023, 12024, and 12025
ba46c7
ba46c7
* Fri Sep 13 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-4
ba46c7
- bump version to 1.3.1.6-4
ba46c7
- Resolves Bug 1007988 - Under specific values of nsDS5ReplicaName, replication may get broken or updates missing (Ticket 47489)
ba46c7
- Resolves Bug 853931 - Allow macro aci keywords to be case-insensitive (Ticket 449)
ba46c7
- Resolves Bug 1006563 - automember rebuild task not working as expected (Ticket 47507)
ba46c7
ba46c7
* Fri Sep  6 2013 Rich Megginson <rmeggins@redhat.com> - 1.3.1.6-3
ba46c7
- Ticket #47455 - valgrind - value mem leaks, uninit mem usage
ba46c7
- Ticket 47500 - start-dirsrv/restart-dirsrv/stop-disrv do not register with systemd correctly
ba46c7
ba46c7
* Mon Aug 26 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-2
ba46c7
- bump version to 1.3.1.6-2
ba46c7
- Resolves Bug 1000633 - ns-slapd crash due to bogus DN
ba46c7
- Ticket #47488 - Users from AD sub OU does not sync to IPA
ba46c7
cc3dff
* Thu Aug 01 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-1
ba46c7
- bump version to 1.3.1.6
ba46c7
- Ticket 47455 - valgrind - value mem leaks, uninit mem usage
ba46c7
- fix coverity 11915 - dead code - introduced with fix for ticket 346
ba46c7
- fix coverity 11895 - null deref - caused by fix to ticket 47392
ba46c7
- fix compiler warning in posix winsync code for posix_group_del_memberuid_callback
ba46c7
- Fix compiler warnings for Ticket 47395 and 47397
ba46c7
- fix compiler warning (cherry picked from commit 904416f4631d842a105851b4a9931ae17822a107)
ba46c7
- Ticket 47450 - Fix compiler formatting warning errors for 32/64 bit arch
ba46c7
- fix compiler warnings
ba46c7
- Fix compiler warning (cherry picked from commit ec6ebc0b0f085a82041d993ab2450a3922ef5502)
ba46c7
ba46c7
* Tue Jul 30 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.5-1
ba46c7
- bump version to 1.3.1.5
ba46c7
- Ticket 47456 - delete present values should append values to deleted values
ba46c7
- Ticket 47455 - valgrind - value mem leaks, uninit mem usage
ba46c7
- Ticket 47448 - Segfault in 389-ds-base-1.3.1.4-1.fc19 when setting up FreeIPA replication
ba46c7
- Ticket 47440 - Fix runtime errors caused by last patch.
ba46c7
- Ticket 47440 - Fix compilation warnings and header files
ba46c7
- Ticket 47405 - CVE-2013-2219 ACLs inoperative in some search scenarios
ba46c7
- Ticket 47447 - logconv.pl man page missing -m,-M,-B,-D
ba46c7
- Ticket 47378 - fix recent compiler warnings
ba46c7
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
ba46c7
- Ticket 47449 - deadlock after adding and deleting entries
ba46c7
- Ticket 47441 - Disk Monitoring not checking filesystem with logs
ba46c7
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
ba46c7
ba46c7
* Fri Jul 19 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.4-1
ba46c7
- bump version to 1.3.1.4
ba46c7
- Ticket 47435 - Very large entryusn values after enabling the USN plugin and the lastusn value is negat
ba46c7
- Ticket 47424 - Replication problem with add-delete requests on single-valued attributes
ba46c7
- Ticket 47367 - (phase 2) ldapdelete returns non-leaf entry error while trying to remove a leaf entry
ba46c7
- Ticket 47367 - (phase 1) ldapdelete returns non-leaf entry error while trying to remove a leaf entry
ba46c7
- Ticket 47421 - memory leaks in set_krb5_creds
ba46c7
- Ticket 346 - version 4 Slow ldapmodify operation time for large quantities of multi-valued attribute v
ba46c7
- Ticket 47369  version2 - provide default syntax plugin
ba46c7
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
ba46c7
- Ticket 47339 - RHDS denies MODRDN access if ACI list contains any DENY rule
ba46c7
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
ba46c7
- Ticket 47428 - Memory leak in 389-ds-base 1.2.11.15
ba46c7
- Ticket 47392 - ldbm errors when adding/modifying/deleting entries
ba46c7
- Ticket 47385 - Disk Monitoring is not triggered as expected.
ba46c7
- Ticket 47410 - changelog db deadlocks with DNA and replication
ba46c7
ba46c7
* Fri Jul 19 2013 Rich Megginson <rmeggins@redhat.com> - 1.3.1.3-1
ba46c7
- bump version to 1.3.1.3
ba46c7
- Ticket 47374 - flush.pl is not included in perl5
ba46c7
- Ticket 47391 - deleting and adding userpassword fails to update the password (additional fix)
ba46c7
- Ticket 47393 - Attribute are not encrypted on a consumer after a full initialization
ba46c7
- Ticket 47395 47397 - v2 correct behaviour of account policy if only stateattr is configured or no alternate attr is configured
ba46c7
- Ticket 47396 - crash on modrdn of tombstone
ba46c7
- Ticket 47400 - MMR stress test with dna enabled causes a deadlock
ba46c7
- Ticket 47409 - allow setting db deadlock rejection policy
ba46c7
- Ticket 47419 - Unhashed userpassword can accidentally get removed from mods
ba46c7
- Ticket 47420 - An upgrade script 80upgradednformat.pl fails to handle a server instance name incuding '-'
ba46c7
ba46c7
* Fri Jul 12 2013 Jan Safranek <jsafrane@redhat.com> - 1.3.1.2-2
ba46c7
- Rebuilt for new net-snmp
ba46c7
ba46c7
* Sat Jun 15 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.2-1
ba46c7
- bump version to 1.3.1.2
ba46c7
- Ticket 47391 - deleting and adding userpassword fails to update the password
ba46c7
- Coverity Fixes (Part 7)
ba46c7
ba46c7
* Fri Jun 14 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.1-1
ba46c7
- bump version to 1.3.1.1
ba46c7
- Ticket 402 - nhashed#user#password in entry extension
ba46c7
- Ticket 511 - Revision - allow turning off vattr lookup in search entry return
ba46c7
- Ticket 580 - Wrong error code return when using EXTERNAL SASL and no client certificate
ba46c7
- Ticket 47327 - error syncing group if group member user is not synced
ba46c7
- Ticket 47355 - dse.ldif doesn't replicate update to nsslapd-sasl-mapping-fallback
ba46c7
- Ticket 47359 - new ldap connections can block ldaps and ldapi connections
ba46c7
- Ticket 47362 - ipa upgrade selinuxusermap data not replicating
ba46c7
- Ticket 47375 - flush_ber error sending back start_tls response will deadlock
ba46c7
- Ticket 47376 - DESC should not be empty as per RFC 2252 (ldapv3)
ba46c7
- Ticket 47377 - make listen backlog size configurable
ba46c7
- Ticket 47378 - fix recent compiler warnings
ba46c7
- Ticket 47383 - connections attribute in cn=snmp,cn=monitor is counted twice
ba46c7
- Ticket 47385 - DS not shutting down when disk monitoring threshold is reached
ba46c7
- Coverity Fixes (part 1)
ba46c7
- Coverity Fixes (Part 2)
ba46c7
- Coverity Fixes (Part 3)
ba46c7
- Coverity Fixes (Part 4)
ba46c7
- Coverity Fixes (Part 5)
ba46c7
ba46c7
* Thu May 02 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.0-1
ba46c7
- bump version to 1.3.1.0
ba46c7
- Ticket 332 - Command line perl scripts should attempt most secure connection type first
ba46c7
- Ticket 342 - better error message when cache overflows
ba46c7
- Ticket 417 - RFE - forcing passwordmustchange attribute by non-cn=directory manager
ba46c7
- Ticket 419 - logconv.pl - improve memory management
ba46c7
- Ticket 422 - 389-ds-base - Can't call method "getText"
ba46c7
- Ticket 433 - multiple bugs in start-dirsrv, stop-dirsrv, restart-dirsrv scripts
ba46c7
- Ticket 458 - RFE - Make it possible for privileges to be provided to an admin user to import an LDIF file containing hashed passwords
ba46c7
- Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used
ba46c7
- Ticket 487 - Possible to add invalid attribute values to PAM PTA plugin configuration
ba46c7
- Ticket 502 - setup-ds.pl script should wait if "semanage.trans.LOCK" presen
ba46c7
- Ticket 505 - use lock-free access name2asi and oid2asi tables (additional)
ba46c7
- Ticket 508 - lock-free access to FrontendConfig structure
ba46c7
- Ticket 511 - allow turning off vattr lookup in search entry return
ba46c7
- Ticket 525 - Introducing a user visible configuration variable for controlling replication retry time
ba46c7
- Ticket 528 - RFE - get rid of instance specific scripts
ba46c7
- Ticket 529 - dn normalization must handle multiple space characters in attributes
ba46c7
- Ticket 532 - RUV is not getting updated for both Master and consumer
ba46c7
- Ticket 533 - only scan for attributes to decrypt if there are encrypted attrs configured
ba46c7
- Ticket 534 - RFE: Add SASL mappings fallback
ba46c7
- Ticket 537 - Improvement of range search
ba46c7
- Ticket 539 - logconv.pl should handle microsecond timing
ba46c7
- Ticket 543 - Sorting with attributes in ldapsearch gives incorrect result
ba46c7
- Ticket 545 - Segfault during initial LDIF import: str2entry_dupcheck()
ba46c7
- Ticket 547 - Incorrect assumption in ndn cache
ba46c7
- Ticket 550 - posix winsync will not create memberuid values if group entry become posix group in the same sync interval
ba46c7
- Ticket 551 - Multivalued rootdn-days-allowed in RootDN Access Control plugin always results in access control violation
ba46c7
- Ticket 552 - Adding rootdn-open-time without rootdn-close-time to RootDN Acess Control results in inconsistent configuration
ba46c7
- Ticket 558 - Replication - make timeout for protocol shutdown configurable
ba46c7
- Ticket 561 - disable writing unhashed#user#password to changelog
ba46c7
- Ticket 563 - DSCreate.pm: Error messages cannot be used in the if expression since they could be localized.
ba46c7
- Ticket 565 - turbo mode and replication - allow disable of turbo mode
ba46c7
- Ticket 571 - server does not accept 0 length LDAP Control sequence
ba46c7
- Ticket 574 - problems with dbcachesize disk space calculation
ba46c7
- Ticket 583 - dirsrv fails to start on reboot due to /var/run/dirsrv permissions
ba46c7
- Ticket 585 - Behaviours of "db2ldif -a <filename>" and "db2ldif.pl -a <filename>" are inconsistent
ba46c7
- Ticket 587 - Replication error messages in the DS error logs
ba46c7
- Ticket 588 - Create MAN pages for command line scripts
ba46c7
- Ticket 600 - Server should return unavailableCriticalExtension when processing a badly formed critical control
ba46c7
- Ticket 603 - A logic error in str2simple
ba46c7
- Ticket 604 - Required attribute not checked during search operation
ba46c7
- Ticket 608 - Posix Winsync plugin throws "posix_winsync_end_update_cb: failed to add task entry" error message
ba46c7
- Ticket 611 - logconv.pl missing stats for StartTLS, LDAPI, and AUTOBIND
ba46c7
- Ticket 612 - improve dbgen rdn generation, output
ba46c7
- Ticket 613 - ldclt: add timestamp, interval, nozeropad, other improvements
ba46c7
- Ticket 616 - High contention on computed attribute lock
ba46c7
- Ticket 618 - Crash at shutdown while stopping replica agreements
ba46c7
- Ticket 620 - Better logging of error messages for 389-ds-base
ba46c7
- Ticket 621 - modify operations without values need to be written to the changelog
ba46c7
- Ticket 622 - DS logging errors "libdb: BDB0171 seek: 2147483648: (262144 * 8192) + 0: No such file or directory
ba46c7
- Ticket 631 - Replication: "Incremental update started" status message without consumer initialized
ba46c7
- Ticket 633 - allow nsslapd-nagle to be disabled, and also tcp cork
ba46c7
- Ticket 47299 - allow cmdline scripts to work with non-root user
ba46c7
- Ticket 47302 - get rid of sbindir start/stop/restart slapd scripts
ba46c7
- Ticket 47303 - start/stop/restart dirsrv scripts should report and error if no instances
ba46c7
- Ticket 47304 - reinitialization of a master with a disabled agreement hangs
ba46c7
- Ticket 47311 - segfault in db2ldif(trigger by a cleanallruv task)
ba46c7
- Ticket 47312 - replace PR_GetFileInfo with PR_GetFileInfo64
ba46c7
- Ticket 47315 - filter option in fixup-memberof requires more clarification
ba46c7
- Ticket 47325 - Crash at shutdown on a replica aggrement
ba46c7
- Ticket 47330 - changelog db extension / upgrade is obsolete
ba46c7
- Ticket 47336 - logconv.pl -m not working for all stats
ba46c7
- Ticket 47341 - logconv.pl -m time calculation is wrong
ba46c7
- Ticket 47343 - 389-ds-base: Does not support aarch64 in f19 and rawhide
ba46c7
- Ticket 47347 - Simple paged results should support async search
ba46c7
- Ticket 47348 - add etimes to per second/minute stats
ba46c7
- Ticket 47349 - DS instance crashes under a high load
ba46c7
ba46c7
* Thu Mar 28 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.5-1
ba46c7
- bump version to 1.3.0.5
ba46c7
- Ticket 47308 - unintended information exposure when anonymous access is set to rootdse
ba46c7
- Ticket 628 - crash in aci evaluation
ba46c7
- Ticket 627 - ns-slapd crashes sporadically with segmentation fault in libslapd.so
ba46c7
- Ticket 634 - Deadlock in DNA plug-in Ticket #576 - DNA: use event queue for config update only at the start up
ba46c7
- Ticket 632 - 389-ds-base cannot handle Kerberos tickets with PAC
ba46c7
- Ticket 623 - cleanAllRUV task fails to cleanup config upon completion
ba46c7
ba46c7
* Mon Mar 11 2013 Mark Reynolds <mreynolds@redhat.com> - 1.3.0.4-1
ba46c7
- e53d691 bump version to 1.3.0.4
ba46c7
- Bug 912964 - CVE-2013-0312 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data
ba46c7
- Ticket 570 - DS returns error 20 when replacing values of a multi-valued attribute (only when replication is enabled)
ba46c7
- Ticket 490 - Slow role performance when using a lot of roles
ba46c7
- Ticket 590 - ns-slapd segfaults while trying to delete a tombstone entry
ba46c7
ba46c7
* Wed Feb 13 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.3-1
ba46c7
- bump version to 1.3.0.3
ba46c7
- Ticket #584 - Existence of an entry is not checked when its password is to be deleted
ba46c7
- Ticket 562 - Crash when deleting suffix
ba46c7
ba46c7
* Fri Feb 01 2013 Parag Nemade <paragn at="" fedoraproject="" dot="" org=""> - 1.3.0.2-2
ba46c7
- Rebuild for icu 50
ba46c7
ba46c7
* Wed Jan 16 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.2-1
ba46c7
- bump version to 1.3.0.2
ba46c7
- Ticket #542 - Cannot dynamically set nsslapd-maxbersize
ba46c7
ba46c7
* Wed Jan 16 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.1-1
ba46c7
- bump version to 1.3.0.1
ba46c7
- Ticket 556 - Don't overwrite certmap.conf during upgrade
ba46c7
ba46c7
* Tue Jan 08 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.0-1
ba46c7
- bump version to 1.3.0.0
ba46c7
ba46c7
* Tue Jan 08 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0-0.3.rc3
ba46c7
- bump version to 1.3.0.rc3
ba46c7
- Ticket 549 - DNA plugin no longer reports additional info when range is depleted
ba46c7
- Ticket 541 - need to set plugin as off in ldif template
ba46c7
- Ticket 541 - RootDN Access Control plugin is missing after upgrade 
ba46c7
ba46c7
* Fri Dec 14 2012 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0-0.2.rc2
ba46c7
- bump version to 1.3.0.rc2
ba46c7
- Trac Ticket #497 - Escaped character cannot be used in the substring search filter
ba46c7
- Ticket 509 - lock-free access to be->be_suffixlock
ba46c7
- Trac Ticket #522 - betxn: upgrade is not implemented yet
ba46c7
ba46c7
* Tue Dec 11 2012 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0-0.1.rc1
ba46c7
- bump version to 1.3.0.rc1
ba46c7
- Ticket #322 - Create DOAP description for the 389 Directory Server project
ba46c7
- Trac Ticket #499 - Handling URP results is not corrrect
ba46c7
- Ticket 509 - lock-free access to be->be_suffixlock
ba46c7
- Ticket 456 - improve entry cache sizing
ba46c7
- Trac Ticket #531 - loading an entry from the database should use str2entry_f
ba46c7
- Trac Ticket #536 - Clean up compiler warnings for 1.3
ba46c7
- Trac Ticket #531 - loading an entry from the database should use str2entry_fast
ba46c7
- Ticket 509 - lock-free access to be->be_suffixlock
ba46c7
- Ticket 527 - ns-slapd segfaults if it cannot rename the logs
ba46c7
- Ticket 395 - RFE: 389-ds shouldn't advertise in the rootDSE that we can handle a sasl mech if we really can't
ba46c7
- Ticket 216 - disable replication agreements
ba46c7
- Ticket 518 - dse.ldif is 0 length after server kill or machine kill
ba46c7
- Ticket 393 - Change in winSyncInterval does not take immediate effect
ba46c7
- Ticket 20 - Allow automember to work on entries that have already been added
ba46c7
- Coverity Fixes
ba46c7
- Ticket 349 - nsViewFilter syntax issue in 389DS 1.2.5
ba46c7
- Ticket 337 - improve CLEANRUV functionality
ba46c7
- Fix for ticket 504
ba46c7
- Ticket 394 - modify-delete userpassword
ba46c7
- minor fixes for bdb 4.2/4.3 and mozldap
ba46c7
- Trac Ticket #276 - Multiple threads simultaneously working on connection's private buffer causes ns-slapd to abort
ba46c7
- Fix for ticket 465: cn=monitor showing stats for other db instances
ba46c7
- Ticket 507 - use mutex for FrontendConfig lock instead of rwlock
ba46c7
- Fix for ticket 510 Avoid creating an attribute just to determine the syntax for a type, look up the syntax directly by type
ba46c7
- Coverity defect: Resource leak 13110
ba46c7
- Ticket 517 - crash in DNA if no dnaMagicRegen is specified
ba46c7
- Trac Ticket #520 - RedHat Directory Server crashes (segfaults) when moving ldap entry
ba46c7
- Trac Ticket #519 - Search with a complex filter including range search is slow
ba46c7
- Trac Ticket #500 - Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error
ba46c7
- Trac Ticket #311 - IP lookup failing with multiple DNS entries
ba46c7
- Trac Ticket #447 - Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs
ba46c7
- Trac Ticket #443 - Deleting attribute present in nsslapd-allowed-to-delete-attrs returns Operations error
ba46c7
- Ticket #503 - Improve AD version in winsync log message
ba46c7
- Trac Ticket #190 - Un-resolvable server in replication agreement produces unclear error message
ba46c7
- Coverity fixes
ba46c7
- Trac Ticket #391 - Slapd crashes when deleting backends while operations are still in progress
ba46c7
- Trac Ticket #448 - Possible to set invalid macros in Macro ACIs
ba46c7
- Trac Ticket #498 - Cannot abaondon simple paged result search
ba46c7
- Coverity defects
ba46c7
- Trac Ticket #494 - slapd entered to infinite loop during new index addition
ba46c7
- Fixing compiler warnings in the posix-winsync plugin
ba46c7
- Coverity defects
ba46c7
- Ticket 147 - Internal Password Policy usage very inefficient
ba46c7
- Ticket 495 - internalModifiersname not updated by DNA plugin
ba46c7
- Revert "Ticket 495 - internalModifiersname not updated by DNA plugin"
ba46c7
- Ticket 495 - internalModifiersname not updated by DNA plugin
ba46c7
- Ticket 468 - if pam_passthru is enabled, need to AC_CHECK_HEADERS([security/pam_appl.h])
ba46c7
- Ticket 486 - nsslapd-enablePlugin should not be multivalued
ba46c7
- Ticket 488 - Doc: DS error log messages with typo
ba46c7
- Trac Ticket #451 - Allow db2ldif to be quiet
ba46c7
- Ticket #491 - multimaster_extop_cleanruv returns wrong error codes
ba46c7
- Ticket #481 - expand nested posix groups
ba46c7
- Trac Ticket #455 - Insufficient rights to unhashed#user#password when user deletes his password
ba46c7
- Ticket #446 - anonymous limits are being applied to directory manager
ba46c7
ba46c7
* Tue Oct 9 2012 Mark Reynolds <mareynol@redhat.com> - 1.3.0.a1-1
ba46c7
Ticket #28 	MOD operations with chained delete/add get back error 53 on backend config
ba46c7
Ticket #173 	ds-logpipe.py script's man page and script help should be updated for -t option.
ba46c7
Ticket #196 	RFE: Interpret IPV6 addresses for ACIs, replication, and chaining 
ba46c7
Ticket #218 	RFE - Make RIP working with Replicated Entries 
ba46c7
Ticket #328 	make sure all internal search filters are properly escaped 
ba46c7
Ticket #329 	389-admin build fails on F-18 with new apache 	
ba46c7
Ticket #344 	deadlock in replica_write_ruv
ba46c7
Ticket #351 	use betxn plugins by default
ba46c7
Ticket #352 	make cos, roles, views betxn aware 
ba46c7
Ticket #356 	logconv.pl - RFE - track bind info
ba46c7
Ticket #365 	Audit log - clear text password in user changes 
ba46c7
Ticket #370 	Opening merge qualifier CoS entry using RHDS console changes the entry. 
ba46c7
Ticket #372 	Setting nsslapd-listenhost or nsslapd-securelistenhost breaks ACI processing 	
ba46c7
Ticket #386 	Overconsumption of memory with large cachememsize and heavy use of ldapmodify 	
ba46c7
Ticket #402 	unhashedTicket #userTicket #password in entry extension 	
ba46c7
Ticket #408 	Create a normalized dn cache 	
ba46c7
Ticket #453 	db2index with -tattrname:type,type fails 	
ba46c7
Ticket #461 	fix build problem with mozldap c sdk 	
ba46c7
Ticket #462 	add test for include file mntent.h 	
ba46c7
Ticket #463 	different parameters of getmntent in Solaris
ba46c7
ba46c7
* Tue Sep 25 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.11.15-1
ba46c7
- Trac Ticket #470 - 389 prevents from adding a posixaccount with userpassword after schema reload
ba46c7
- Ticket 477 - CLEANALLRUV if there are only winsync agmts task will hang
ba46c7
- Ticket 457 - dirsrv init script returns 0 even when few or all instances fail to start
ba46c7
- Ticket 473 - change VERSION.sh to have console version be major.minor
ba46c7
- Ticket 475 - Root DN Access Control - improve value checking for config
ba46c7
- Trac Ticket #466 - entry_apply_mod - ADD: Failed to set unhashed#user#password to extension
ba46c7
- Ticket 474 - Root DN Access Control - days allowed not working correctly
ba46c7
- Ticket 467 - CLEANALLRUV abort task should be able to ignore down replicas
ba46c7
- 0b79915 fix compiler warnings in ticket 374 code
ba46c7
- Ticket 452 - automember rebuild task adds users to groups that do not match the configuration scope
ba46c7
ba46c7
* Fri Sep  7 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.11.14-1
ba46c7
- Ticket 450 - CLEANALLRUV task gets stuck on winsync replication agreement
ba46c7
- Ticket 386 - large memory growth with ldapmodify(heap fragmentation)
ba46c7
-  this patch doesn't fix the bug - it allows us to experiment with
ba46c7
-  different values of mxfast
ba46c7
- Ticket #374 - consumer can go into total update mode for no reason
ba46c7
ba46c7
* Tue Sep  4 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.11.13-1
ba46c7
- Ticket #426 - support posix schema for user and group sync
ba46c7
-   1) plugin config ldif must contain pluginid, etc. during upgrade or it
ba46c7
-      will fail due to schema errors
ba46c7
-   2) posix winsync should have a lower precedence (25) than the default (50)
ba46c7
-      so that it will be run first
ba46c7
-   3) posix winsync should support the Winsync API v3 - the v2 functions are
ba46c7
-      just stubs for now - but the precedence cb is active
ba46c7
ba46c7
* Thu Aug 30 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.11.12-1
ba46c7
- 8e5087a Coverity defects - 13089: Dereference after null check ldbm_back_delete
ba46c7
- Trac Ticket #437 - variable dn should not be used in ldbm_back_delete
ba46c7
- ba1f5b2 fix coverity resource leak in windows_plugin_add
ba46c7
- e3e81db Simplify program flow: change while loops to for
ba46c7
- a0d5dc0 Fix logic errors: del_mod should be latched (might not be last mod), and avoid skipping add-mods (int value 0)
ba46c7
- 0808f7e Simplify program flow: make adduids/moduids/deluids action blocks all similar
ba46c7
- 77eb760 Simplify program flow: eliminate unnecessary continue
ba46c7
- c9e9db7 Memory leaks: unmatched slapi_attr_get_valueset and slapi_value_new
ba46c7
- a4ca0cc Change "return"s in modGroupMembership to "break"s to avoid leaking
ba46c7
- d49035c Factorize into new isPosixGroup function
ba46c7
- 3b61c03 coverity - posix winsync mem leaks, null check, deadcode, null ref, use after free
ba46c7
- 33ce2a9 fix mem leaks with parent dn log message, setting winsync windows domain
ba46c7
- Ticket #440 - periodic dirsync timed event causes server to loop repeatedly
ba46c7
- Ticket #355 - winsync should not delete entry that appears to be out of scope
ba46c7
- Ticket 436 - nsds5ReplicaEnabled can be set with any invalid values.
ba46c7
- 487932d coverity - mbo dead code - winsync leaks, deadcode, null check, test code
ba46c7
- 2734a71 CLEANALLRUV coverity fixes
ba46c7
- Ticket #426 - support posix schema for user and group sync
ba46c7
- Ticket #430 - server to server ssl client auth broken with latest openldap
ba46c7
ba46c7
* Mon Aug 20 2012 Mark Reynolds <mareynol@redhat.com> - 1.2.11.11-1
ba46c7
6c0778f bumped version to 1.2.11.11
ba46c7
Ticket 429 - added nsslapd-readonly to DS schema
ba46c7
Ticket 403 - fix CLEANALLRUV regression from last commit
ba46c7
Trac Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values
ba46c7
ba46c7
* Wed Aug 15 2012 Mark Reynolds <mareynol@redhat.com> - 1.2.11.10-1
ba46c7
db6b354 bumped version to 1.2.11.10
ba46c7
Ticket 403 - CLEANALLRUV revisions
ba46c7
ba46c7
* Tue Aug 7 2012 Mark Reynolds <mareynol@redhat.com> - 1.2.11.9-1
ba46c7
ea05e69 Bumped version to 1.2.11.9
ba46c7
Ticket 407 - dna memory leak - fix crash from prev fix
ba46c7
ba46c7
* Fri Aug 3 2012 Mark Reynolds <mareynol@redhat.com> - 1.2.11.8-1
ba46c7
ddcf669 bump version to 1.2.11.8 for offical release
ba46c7
Ticket #425 - support multiple winsync plugins
ba46c7
Ticket 403 - cleanallruv coverity fixes
ba46c7
Ticket 407 - memory leak in dna plugin
ba46c7
Ticket 403 - CLEANALLRUV feature
ba46c7
Ticket 413 - "Server is unwilling to perform" when running ldapmodify on nsds5ReplicaStripAttrs
ba46c7
3168f04 Coverity defects
ba46c7
5ff0a02 COVERITY FIXES
ba46c7
Ticket #388 - Improve replication agreement status messages
ba46c7
0760116 Update the slapi-plugin documentation on new slapi functions, and added a slapi function for checking on shutdowns
ba46c7
Ticket #369 - restore of replica ldif file on second master after deleting two records shows only 1 deletion
ba46c7
Ticket #409 - Report during startup if nsslapd-cachememsize is too small
ba46c7
Ticket #412 - memberof performance enhancement
ba46c7
12813: Uninitialized pointer read string_values2keys
ba46c7
Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values
ba46c7
Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values
ba46c7
Ticket #410 - Referential integrity plug-in does not work when update interval is not zero
ba46c7
Ticket #406 - Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled
ba46c7
Ticket #405 - referint modrdn not working if case is different
ba46c7
Ticket 399 - slapi_ldap_bind() doesn't check bind results
ba46c7
ba46c7
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.11.7-2.2
ba46c7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
ba46c7
ba46c7
* Thu Jun 28 2012 Petr Pisar <ppisar@redhat.com> - 1.2.11.7-2.1
ba46c7
- Perl 5.16 rebuild
ba46c7
ba46c7
* Wed Jun 27 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.11.7-2
ba46c7
- Ticket 378 - unhashed#user#password visible after changing password
ba46c7
-  fix func declaration from previous patch
ba46c7
- Ticket 366 - Change DS to purge ticket from krb cache in case of authentication error
ba46c7
ba46c7
* Wed Jun 27 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.11.7-1
ba46c7
- Trac Ticket 396 - Account Usability Control Not Working
ba46c7
ba46c7
* Thu Jun 21 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.11.6-1
ba46c7
- Ticket #378 - audit log does not log unhashed password: enabled, by default.
ba46c7
- Ticket #378 - unhashed#user#password visible after changing password
ba46c7
- Ticket #365 - passwords in clear text in the audit log
ba46c7
ba46c7
* Tue Jun 19 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.11.5-2
ba46c7
- workaround for https://bugzilla.redhat.com/show_bug.cgi?id=833529
ba46c7
ba46c7
* Mon Jun 18 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.11.5-1
ba46c7
- Ticket #387 - managed entry sometimes doesn't delete the managed entry
ba46c7
- 5903815 improve txn test index handling
ba46c7
- Ticket #360 - ldapmodify returns Operations error - fix delete caching
ba46c7
- bcfa9e3 Coverity Fix for CLEANALLRUV
ba46c7
- Trac Ticket #335 - transaction retries need to be cache aware
ba46c7
- Ticket #389 - ADD operations not in audit log
ba46c7
- 44cdc84 fix coverity issues with uninit vals, no return checking
ba46c7
- Ticket 368 - Make the cleanAllRUV task one step
ba46c7
- Ticket #110 - RFE limiting root DN by host, IP, time of day, day of week
ba46c7
ba46c7
* Mon Jun 11 2012 Petr Pisar <ppisar@redhat.com> - 1.2.11.4-1.1
ba46c7
- Perl 5.16 rebuild
ba46c7
ba46c7
* Tue May 22 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.11.4-1
ba46c7
- Ticket #360 - ldapmodify returns Operations error
ba46c7
- Ticket #321 - krbExtraData is being null modified and replicated on each ssh login
ba46c7
- Trac Ticket #359 - Database RUV could mismatch the one in changelog under the stress
ba46c7
- Ticket #361: Bad DNs in ACIs can segfault ns-slapd
ba46c7
- Trac Ticket #338 - letters in object's cn get converted to lowercase when renaming object
ba46c7
- Ticket #337 - Improve CLEANRUV task
ba46c7
ba46c7
* Sat May  5 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.11.3-1
ba46c7
- Ticket #358 - managed entry doesn't delete linked entry
ba46c7
ba46c7
* Fri May  4 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.11.2-1
ba46c7
- Ticket #351 - use betxn plugins by default
ba46c7
-   revert - make no plugins betxn by default - too great a risk
ba46c7
-   for deadlocks until we can test this better
ba46c7
- Ticket #348 - crash in ldap_initialize with multiple threads
ba46c7
-   fixes PR_Init problem in ldclt
ba46c7
ba46c7
* Wed May  2 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.11.1-1
ba46c7
- f227f11 Suppress alert on unavailable port with forced setup
ba46c7
- Ticket #353 - coverity 12625-12629 - leaks, dead code, unchecked return
ba46c7
- Ticket #351 - use betxn plugins by default
ba46c7
- Trac Ticket #345 - db deadlock return should not log error
ba46c7
- Ticket #348 - crash in ldap_initialize with multiple threads
ba46c7
- Ticket #214 - Adding Replication agreement should complain if required nsds5ReplicaCredentials not supplied
ba46c7
- Ticket #207 - [RFE] enable attribute that tracks when a password was last set
ba46c7
- Ticket #216 - RFE - Disable replication agreements
ba46c7
- Ticket #337 - RFE - Improve CLEANRUV functionality
ba46c7
- Ticket #326 - MemberOf plugin should work on all backends
ba46c7
- Trac Ticket #19 - Convert entryUSN plugin to transaction aware type
ba46c7
- Ticket #347 - IPA dirsvr seg-fault during system longevity test
ba46c7
- Trac Ticket #310 - Avoid calling escape_string() for logged DNs
ba46c7
- Trac Ticket #338 - letters in object's cn get converted to lowercase when renaming object
ba46c7
- Ticket #183 - passwordMaxFailure should lockout password one sooner
ba46c7
- Trac Ticket #335 - transaction retries need to be cache aware
ba46c7
- Ticket #336 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV)
ba46c7
- Ticket #325 - logconv.pl : use of getopts to parse command line options
ba46c7
- Ticket #336 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV)
ba46c7
- 554e29d Coverity Fixes
ba46c7
- Trac Ticket #46 - (additional 2) setup-ds-admin.pl does not like ipv6 only hostnames
ba46c7
- Ticket #183 - passwordMaxFailure should lockout password one sooner - and should be configurable to avoid regressions
ba46c7
- Ticket #315 - small fix to libglobs
ba46c7
- Ticket #315 - ns-slapd exits/crashes if /var fills up
ba46c7
- Ticket #20 - Allow automember to work on entries that have already been added
ba46c7
- Trac Ticket #45 - Fine Grained Password policy: if passwordHistory is on, deleting the password fails.
ba46c7
ba46c7
* Fri Mar 30 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.11-0.1.a1
ba46c7
- 453eb97 schema def must have DESC '' - close paren must be preceded by space
ba46c7
- Trac Ticket #46 - (additional) setup-ds-admin.pl does not like ipv6 only hostnames
ba46c7
- Ticket #331 - transaction errors with db 4.3 and db 4.2
ba46c7
- Ticket #261 - Add Solaris i386
ba46c7
- Ticket #316 and Ticket #70 - add post add/mod and AD add callback hooks
ba46c7
- Ticket #324 - Sync with group attribute containing () fails
ba46c7
- Ticket #319 - ldap-agent crashes on start with signal SIGSEGV
ba46c7
- 77cacd9 coverity 12606 Logically dead code
ba46c7
- Trac Ticket #303 - make DNA range requests work with transactions
ba46c7
- Ticket #320 - allow most plugins to be betxn plugins
ba46c7
- Ticket #24 - Add nsTLS1 to the DS schema
ba46c7
- Ticket #271 - Slow shutdown when you have 100+ replication agreements
ba46c7
- TIcket #285 - compilation fixes for '--format-security'
ba46c7
- Ticket 211 - Avoid preop range requests non-DNA operations
ba46c7
- Ticket #271 - replication code cleanup
ba46c7
- Ticket 317 - RHDS fractional replication with excluded password policy attributes leads to wrong error messages.
ba46c7
- Ticket #308 - Automembership plugin fails if data and config area mixed in the plugin configuration
ba46c7
- Ticket #292 - logconv.pl reporting unindexed search with different search base than shown in access logs
ba46c7
- 6f8680a coverity 12563 Read from pointer after free (fix 2)
ba46c7
- e6a9b22 coverity 12563 Read from pointer after free
ba46c7
- 245d494 Config changes fail because of unknown attribute "internalModifiersname"
ba46c7
- Ticket #191  - Implement SO_KEEPALIVE in network calls
ba46c7
- Ticket #289 - allow betxn plugin config changes
ba46c7
- 93adf5f destroy the entry cache and dn cache in the dse post op delete callback
ba46c7
- e2532d8 init txn thread private data for all database modes
ba46c7
- Ticket #291 - cannot use & in a sasl map search filter
ba46c7
- 6bf6e79 Schema Reload crash fix
ba46c7
- 60b2d12 Fixing compiler warnings
ba46c7
- Trac Ticket #260 - 389 DS does not support multiple paging controls on a single connection
ba46c7
- Ticket #302 - use thread local storage for internalModifiersName & internalCreatorsName
ba46c7
- fdcc256 Minor bug fix introcuded by commit 69c9f3bf7dd9fe2cadd5eae0ab72ce218b78820e
ba46c7
- Ticket #306 - void function cannot return value
ba46c7
- ticket 181 - Allow PAM passthru plug-in to have multiple config entries
ba46c7
- ticket 211 - Use of uninitialized variables in ldbm_back_modify()
ba46c7
- Ticket #74 - Add schema for DNA plugin (RFE)
ba46c7
- Ticket #301 - implement transaction support using thread local storage
ba46c7
- Ticket #211 - dnaNextValue gets incremented even if the user addition fails
ba46c7
- 144af59 coverity uninit var and resource leak
ba46c7
- Trac Ticket #34 - remove-ds.pl does not remove everything
ba46c7
- Trac Ticket #169 - allow 389 to use db5
ba46c7
- bc78101 fix compiler warning in acct policy plugin
ba46c7
- Trac Ticket #84 - 389 Directory Server Unnecessary Checkpoints
ba46c7
- Trac Ticket #27 - SASL/PLAIN binds do not work
ba46c7
- Ticket #129 - Should only update modifyTimestamp/modifiersName on MODIFYops
ba46c7
- Ticket #17 - new replication optimizations
ba46c7
ba46c7
* Tue Mar 27 2012 Noriko Hosoi <nhosoi@redhat.com> - 1.2.10.4-4
ba46c7
- Ticket #46 - (revised) setup-ds-admin.pl does not like ipv6 only hostnames
ba46c7
- Ticket #66 - 389-ds-base spec file does not have a BuildRequires on gcc-c++
ba46c7
ba46c7
* Fri Mar 23 2012 Noriko Hosoi <nhosoi@redhat.com> - 1.2.10.4-3
ba46c7
- Ticket #46 - setup-ds-admin.pl does not like ipv6 only hostnames
ba46c7
ba46c7
* Wed Mar 21 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.4-2
ba46c7
- get rid of posttrans - move update code to post
ba46c7
ba46c7
* Tue Mar 13 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.4-1
ba46c7
- Ticket #305 - Certain CMP operations hang or cause ns-slapd to crash
ba46c7
ba46c7
* Mon Mar  5 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.3-1
ba46c7
- b05139b memleak in normalize_mods2bvals
ba46c7
- c0eea24 memleak in mep_parse_config_entry
ba46c7
- 90bc9eb handle null smods
ba46c7
- Ticket #305 - Certain CMP operations hang or cause ns-slapd to crash