From 3fe9c0d4933a2df8f4653cdad779c9b31769b789 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 31 2016 14:24:26 +0000 Subject: import 389-ds-base-1.3.4.0-29.el7_2 --- diff --git a/SOURCES/0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch b/SOURCES/0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch new file mode 100644 index 0000000..5cfe33f --- /dev/null +++ b/SOURCES/0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch @@ -0,0 +1,72 @@ +From c92cbe6a93a7933abc59b2fe4bf96a32aff2c6d8 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Tue, 9 Feb 2016 16:12:07 -0800 +Subject: [PATCH 84/86] Ticket #48536 - Crash in slapi_get_object_extension + +Description: The crashed was caused by the combination of psearch and +updating one of these group values: groupOfNames, groupOfUniqueNames, +groupOfCertificates, groupOfURL. + +In the psearch, it creates aclpb in the acl plug-in and sets the original +pblock address in the aclpb. Then, psearch creates a copy of the pblock and +sets it in the psearch structure. Now, the pblock address in aclpb and the +pblock address in the psearch structure do not match. The original pblock +itself is freed and the pblock area which address is stored in aclpb is not +guaranteed what is in it. + +If nothing occurs, the freed pblock in aclpb is not accessed. But once one +of the group values is updated, the acl plug-in signature is updated and it +triggers to get aclpb from the pblock. + +The acl_get_aclpb call accesses the freed pblock (e.g., NULL op) and it +crashes the server. + +This patch checks the current pblock address and the pblock address in aclpb. +If they don't match, the address in aclpb is reassigned to the current pblock +address. + +https://fedorahosted.org/389/ticket/48536 + +Reviewed by mreynolds@redhat.com (Thank you, Mark!!) + +(cherry picked from commit 091a5f5daf3fa378f029e293c5358ae9be9f548e) +(cherry picked from commit 8a83a93977f13db36e42798a5eed041c1b3868a9) +--- + ldap/servers/plugins/acl/acl.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c +index 678a999..d56bed6 100644 +--- a/ldap/servers/plugins/acl/acl.c ++++ b/ldap/servers/plugins/acl/acl.c +@@ -317,6 +317,13 @@ acl_access_allowed( + goto cleanup_and_ret; + } + ++ if (pb != aclpb->aclpb_pblock) { ++ slapi_log_error(SLAPI_LOG_FATAL, plugin_name, ++ "acl_access_allowed: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n", ++ aclpb->aclpb_pblock, pb); ++ aclpb->aclpb_pblock = pb; ++ } ++ + if ( !aclpb->aclpb_curr_entry_sdn ) { + slapi_log_error ( SLAPI_LOG_FATAL, plugin_name, "NULL aclpb_curr_entry_sdn \n" ); + ret_val = LDAP_OPERATIONS_ERROR; +@@ -932,6 +939,13 @@ acl_read_access_allowed_on_entry ( + tnf_string,end,"aclpb error"); + return LDAP_OPERATIONS_ERROR; + } ++ ++ if (pb != aclpb->aclpb_pblock) { ++ slapi_log_error(SLAPI_LOG_ACL, plugin_name, ++ "acl_read_access_allowed_on_entry: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n", ++ aclpb->aclpb_pblock, pb); ++ aclpb->aclpb_pblock = pb; ++ } + + /* + * Am I a anonymous dude ? then we can use our anonympous profile +-- +2.4.3 + diff --git a/SOURCES/0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch b/SOURCES/0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch new file mode 100644 index 0000000..899493b --- /dev/null +++ b/SOURCES/0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch @@ -0,0 +1,42 @@ +From ac782ed2990d5d8149c6796aa9aaf03044ad1446 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Wed, 10 Feb 2016 13:45:50 -0800 +Subject: [PATCH 85/86] Ticket #48536 - Crash in slapi_get_object_extension + +Description: commit 091a5f5daf3fa378f029e293c5358ae9be9f548e introduced +a compier warning: format '%x' expects argument of type 'unsigned int', +but argument 4 has type 'Slapi_PBlock * {aka struct slapi_pblock *} + +Replacing '%x' with '%p'. + +(cherry picked from commit b31749f2a0bed838712719b2e6533bed0a4144e0) +(cherry picked from commit 7fb593fe56dbbce06f707bd9807bf14748273ea2) +--- + ldap/servers/plugins/acl/acl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c +index d56bed6..7b7fea1 100644 +--- a/ldap/servers/plugins/acl/acl.c ++++ b/ldap/servers/plugins/acl/acl.c +@@ -319,7 +319,7 @@ acl_access_allowed( + + if (pb != aclpb->aclpb_pblock) { + slapi_log_error(SLAPI_LOG_FATAL, plugin_name, +- "acl_access_allowed: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n", ++ "acl_access_allowed: Resetting aclpb_pblock %p to pblock addr %p\n", + aclpb->aclpb_pblock, pb); + aclpb->aclpb_pblock = pb; + } +@@ -942,7 +942,7 @@ acl_read_access_allowed_on_entry ( + + if (pb != aclpb->aclpb_pblock) { + slapi_log_error(SLAPI_LOG_ACL, plugin_name, +- "acl_read_access_allowed_on_entry: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n", ++ "acl_read_access_allowed_on_entry: Resetting aclpb_pblock %p to pblock addr %p\n", + aclpb->aclpb_pblock, pb); + aclpb->aclpb_pblock = pb; + } +-- +2.4.3 + diff --git a/SOURCES/0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch b/SOURCES/0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch new file mode 100644 index 0000000..a38c3c5 --- /dev/null +++ b/SOURCES/0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch @@ -0,0 +1,52 @@ +From 9e58aecdd4265759a1c9aac2817da858849f08a1 Mon Sep 17 00:00:00 2001 +From: Thierry Bordaz +Date: Wed, 10 Feb 2016 15:17:02 +0100 +Subject: [PATCH 86/86] Ticket 48445: keep alive entries can break replication + +Bug Description: + On the consumer side, at the end of a total update the replica is enabled and the changelog recreated. + When the replica is enabled the keep alive entry (for that replica) is created . + There is a race condition (that look quite systematic in our tests) if the creation of the entry is added to the changelog + before the changelog is recreated. + In that case the ADD is erased from the CL and will never be replicated. + + The keep alive entry is created (if it does not already exist) : + - during a total update (as supplier) + - when the keep alive is updated + - when the replica is enabled + +Fix Description: + It is not strictly necessary to create the keep alive when the replica is enabled. + So we can skip the creation during that step. + +https://fedorahosted.org/389/ticket/48445 + +Reviewed by: Mark Reynolds (thank you Mark) + +Platforms tested: F23 + +Flag Day: no + +Doc impact: no + +(cherry picked from commit 71a891f0dcfd1aafeb3913279d42e33ed2355312) +(cherry picked from commit 02af085c2a9c23536c8d276ee35794ec6efc81f5) +--- + ldap/servers/plugins/replication/repl5_replica.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c +index 8b53f3c..31c5f0f 100644 +--- a/ldap/servers/plugins/replication/repl5_replica.c ++++ b/ldap/servers/plugins/replication/repl5_replica.c +@@ -3972,7 +3972,6 @@ replica_enable_replication (Replica *r) + /* What to do ? */ + } + +- replica_subentry_check(r->repl_root, replica_get_rid(r)); + /* Replica came back online, Check if the total update was terminated. + If flag is still set, it was not terminated, therefore the data is + very likely to be incorrect, and we should not restart Replication threads... +-- +2.4.3 + diff --git a/SOURCES/0087-Ticket-48420-change-severity-of-some-messages-relate.patch b/SOURCES/0087-Ticket-48420-change-severity-of-some-messages-relate.patch new file mode 100644 index 0000000..be909d2 --- /dev/null +++ b/SOURCES/0087-Ticket-48420-change-severity-of-some-messages-relate.patch @@ -0,0 +1,49 @@ +From 202bac76ade2dcff8318f545fbccdecaec3bdde8 Mon Sep 17 00:00:00 2001 +From: Thierry Bordaz +Date: Tue, 1 Mar 2016 11:14:54 +0100 +Subject: [PATCH] Ticket 48420: change severity of some messages related to + "keep alive" entries + +Bug Description: + "keep alive" entries are used to prevent fractional replication + to evaluate several times the same skipped updates. (see https://fedorahosted.org/389/ticket/48266) + + This entry is created on the fly when two many evaluated + updates have been skipped. This is a quite common situation + and the creation of such entry is not a FATAL error + +Fix Description: + Change the log level to replication level + +https://fedorahosted.org/389/ticket/48420 + +Reviewed by: Ludwig Krispenz (thanks Ludwig) + +Platforms tested: F17 + +Flag Day: no + +Doc impact: no + +(cherry picked from commit 6788445974404398bc02da8fa105b06514e8a450) +(cherry picked from commit 17bb0688b9249693da0bda239fb7c3b35aa8e1c9) +--- + ldap/servers/plugins/replication/repl5_replica.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c +index 31c5f0f..c7cf25f 100644 +--- a/ldap/servers/plugins/replication/repl5_replica.c ++++ b/ldap/servers/plugins/replication/repl5_replica.c +@@ -492,7 +492,7 @@ replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid) + "Need to create replication keep alive entry \n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root)); + rc = replica_subentry_create(repl_root, rid); + } else { +- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, ++ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "replication keep alive entry already exists\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root)); + rc = 0; + } +-- +2.4.3 + diff --git a/SOURCES/0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch b/SOURCES/0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch new file mode 100644 index 0000000..933cadf --- /dev/null +++ b/SOURCES/0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch @@ -0,0 +1,31 @@ +From 3bc24e232913684830edb2e029d1695f3470308e Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Tue, 8 Mar 2016 14:52:37 -0800 +Subject: [PATCH] Ticket #48757 - License tag does not match actual license of + code + +Fix Description: License tag in the spec file was updated to match the +actual license of code. + +(cherry picked from commit 415d8553eddfe9b19fd9b8d8be9b934bf75a5765) +(cherry picked from commit c9bd68813c658e1caeaba9ee2c2aef62f0cc6dd6) +--- + rpm/389-ds-base.spec.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in +index b7556e1..8bbd979 100644 +--- a/rpm/389-ds-base.spec.in ++++ b/rpm/389-ds-base.spec.in +@@ -33,7 +33,7 @@ Name: 389-ds-base + Version: __VERSION__ + #Release: %{?relprefix}1%{?prerel}%{?dist} + Release: __RELEASE__%{?dist} +-License: GPLv2 with exceptions ++License: GPLv3+ + URL: http://port389.org/ + Group: System Environment/Daemons + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +-- +2.4.3 + diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec index fbc9ba2..08b39f4 100644 --- a/SPECS/389-ds-base.spec +++ b/SPECS/389-ds-base.spec @@ -34,8 +34,8 @@ Summary: 389 Directory Server (base) Name: 389-ds-base Version: 1.3.4.0 -Release: %{?relprefix}26%{?prerel}%{?dist} -License: GPLv2 with exceptions +Release: %{?relprefix}29%{?prerel}%{?dist} +License: GPLv3+ URL: http://port389.org/ Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -206,6 +206,11 @@ Patch79: 0080-Revert-Ticket-48338-SimplePagedResults-abandon-could.patc Patch80: 0081-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch Patch81: 0082-Ticket-48412-worker-threads-do-not-detect-abnormally.patch Patch82: 0083-Ticket-48341-deadlock-on-connection-mutex.patch +Patch83: 0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch +Patch84: 0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch +Patch85: 0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch +Patch86: 0087-Ticket-48420-change-severity-of-some-messages-relate.patch +Patch87: 0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch %description 389 Directory Server is an LDAPv3 compliant server. The base package includes @@ -352,6 +357,11 @@ cp %{SOURCE2} README.devel %patch80 -p1 %patch81 -p1 %patch82 -p1 +%patch83 -p1 +%patch84 -p1 +%patch85 -p1 +%patch86 -p1 +%patch87 -p1 %build %if %{use_nunc_stans} @@ -546,6 +556,19 @@ fi %endif %changelog +* Thu Mar 10 2016 Noriko Hosoi - 1.3.4.0-29 +- release 1.3.4.0-29 +- Resolves: bug 1316552 - License tag does not match actual license of code (DS 48757) + +* Tue Mar 8 2016 Noriko Hosoi - 1.3.4.0-28 +- release 1.3.4.0-28 +- Resolves: bug 1315181 - change severity of some messages related to "keep alive" entries (DS 48420) + +* Fri Feb 19 2016 Noriko Hosoi - 1.3.4.0-27 +- release 1.3.4.0-27 +- Resolves: bug 1309963 - keep alive entries can break replication (DS 48445) +- Resolves: bug 1309964 - Crash in slapi_get_object_extension (DS 48536) + * Mon Jan 25 2016 Noriko Hosoi - 1.3.4.0-26 - release 1.3.4.0-26 - Resolves: bug 1299346 - deadlock on connection mutex (DS 48341)