From 4aa5b29fffb527963f70060cb91ad43c183aae45 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jan 17 2017 15:26:58 +0000 Subject: import 389-ds-base-1.3.5.10-15.el7_3 --- diff --git a/SOURCES/0056-Ticket-48133-v2-Non-tombstone-entry-which-dn-startin.patch b/SOURCES/0056-Ticket-48133-v2-Non-tombstone-entry-which-dn-startin.patch new file mode 100644 index 0000000..413632c --- /dev/null +++ b/SOURCES/0056-Ticket-48133-v2-Non-tombstone-entry-which-dn-startin.patch @@ -0,0 +1,45 @@ +From 9ba44d457cbe182a9b166bff57da0f51ff2cc75c Mon Sep 17 00:00:00 2001 +From: Ludwig Krispenz +Date: Fri, 21 Oct 2016 13:20:42 +0200 +Subject: [PATCH 56/57] Ticket 48133 v2 Non tombstone entry which dn starting + with "nsuniqueid=...," cannot be delete + +Bug Description: trying to delete a non tombstone entry fails when the generated tombstone is + added to the cache + +Fix Description: create a tombstone dn without exceptions + this is an addition to the original fix for this ticket + +https://fedorahosted.org/389/ticket/48133 + +Reviewed by: Noriko, Mark - thanks + +(cherry picked from commit f5f24729388c309210c8741e0da39428b024e4a5) +--- + ldap/servers/slapd/back-ldbm/ldbm_delete.c | 10 ++-------- + 1 file changed, 2 insertions(+), 8 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c +index f801e01..e3abb05 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c +@@ -585,14 +585,8 @@ ldbm_back_delete( Slapi_PBlock *pb ) + retval = -1; + goto error_return; + } +- if ((0 == PL_strncmp(edn + sizeof(SLAPI_ATTR_UNIQUEID), childuniqueid, strlen(childuniqueid))) && +- (*(edn + SLAPI_ATTR_UNIQUEID_LENGTH + slapi_uniqueIDSize() + 1/*=*/) == ',')) { +- /* The DN already starts with "nsuniqueid=...," */ +- tombstone_dn = slapi_ch_strdup(edn); +- } else { +- tombstone_dn = compute_entry_tombstone_dn(edn, childuniqueid); +- } +- ++ /* always create the special tombstone dn, even if it already starts with nsuniqueid */ ++ tombstone_dn = compute_entry_tombstone_dn(edn, childuniqueid); + slapi_sdn_set_ndn_byval(&nscpEntrySDN, slapi_sdn_get_ndn(slapi_entry_get_sdn(e->ep_entry))); + + /* Copy the entry unique_id for URP conflict checking */ +-- +2.4.11 + diff --git a/SOURCES/0057-Ticket-49020-do-not-treat-missing-csn-as-fatal.patch b/SOURCES/0057-Ticket-49020-do-not-treat-missing-csn-as-fatal.patch new file mode 100644 index 0000000..09f7500 --- /dev/null +++ b/SOURCES/0057-Ticket-49020-do-not-treat-missing-csn-as-fatal.patch @@ -0,0 +1,470 @@ +From b2cda86aeddd85ecb712d047824e6d25da9222a7 Mon Sep 17 00:00:00 2001 +From: Ludwig Krispenz +Date: Mon, 5 Dec 2016 09:59:38 +0100 +Subject: [PATCH 57/57] Ticket 49020 - do not treat missing csn as fatal + + This patch removes the automatic choice of an alternative csn when + the calculated anchor csn is not found. + + In that case it does no longer go to fatal state but will retry later. + + It also adds a configuration parameter to thr replication agreement to + allow to pick a "next best" anchorcsn if the original is not found to + keep replicatio going. + + Reviewed by: Noriko, William + +(cherry picked from commit a2dee8fe6faa9fef5824d7852887b21f1158284a) +--- + ldap/schema/01core389.ldif | 3 +- + ldap/servers/plugins/replication/cl5_api.c | 16 ++- + ldap/servers/plugins/replication/cl5_clcache.c | 43 ++++---- + ldap/servers/plugins/replication/cl5_clcache.h | 2 +- + ldap/servers/plugins/replication/repl5.h | 4 + + ldap/servers/plugins/replication/repl5_agmt.c | 114 +++++++++++++++++++++ + ldap/servers/plugins/replication/repl5_agmtlist.c | 13 +++ + .../plugins/replication/repl5_inc_protocol.c | 12 ++- + ldap/servers/plugins/replication/repl_globals.c | 1 + + 9 files changed, 171 insertions(+), 37 deletions(-) + +diff --git a/ldap/schema/01core389.ldif b/ldap/schema/01core389.ldif +index ab07a0b..dfa4729 100644 +--- a/ldap/schema/01core389.ldif ++++ b/ldap/schema/01core389.ldif +@@ -298,6 +298,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.2330 NAME 'nsslapd-logging-backend' DESC + attributeTypes: ( 2.16.840.1.113730.3.1.2331 NAME 'nsslapd-logging-hr-timestamps-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) + attributeTypes: ( 2.16.840.1.113730.3.1.2332 NAME 'allowWeakDHParam' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) + attributeTypes: ( 2.16.840.1.113730.3.1.2333 NAME 'nsds5ReplicaReleaseTimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) ++attributeTypes: ( 2.16.840.1.113730.3.1.2335 NAME 'nsds5ReplicaIgnoreMissingChange' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) + # + # objectclasses + # +@@ -309,7 +310,7 @@ objectClasses: ( 2.16.840.1.113730.3.2.110 NAME 'nsMappingTree' DESC 'Netscape d + objectClasses: ( 2.16.840.1.113730.3.2.104 NAME 'nsContainer' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' ) + objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscape defined objectclass' SUP top MUST ( nsDS5ReplicaRoot $ nsDS5ReplicaId ) MAY (cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaCleanRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstonePurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax $ nsds5ReplicaReleaseTimeout ) X-ORIGIN 'Netscape Directory Server' ) + objectClasses: ( 2.16.840.1.113730.3.2.113 NAME 'nsTombstone' DESC 'Netscape defined objectclass' SUP top MAY ( nstombstonecsn $ nsParentUniqueId $ nscpEntryDN ) X-ORIGIN 'Netscape Directory Server' ) +-objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsds5ReplicaCleanRUVNotified $ nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5ReplicaEnabled $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaFlowControlWindow $ nsds5ReplicaFlowControlPause $ nsDS5ReplicaWaitForAsyncResults ) X-ORIGIN 'Netscape Directory Server' ) ++objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsds5ReplicaCleanRUVNotified $ nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5ReplicaEnabled $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaFlowControlWindow $ nsds5ReplicaFlowControlPause $ nsDS5ReplicaWaitForAsyncResults $ nsds5ReplicaIgnoreMissingChange) X-ORIGIN 'Netscape Directory Server' ) + objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' ) + objectClasses: ( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) MAY ( nsSaslMapPriority ) X-ORIGIN 'Netscape Directory Server' ) + objectClasses: ( 2.16.840.1.113730.3.2.43 NAME 'nsSNMP' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSNMPEnabled ) MAY ( nsSNMPOrganization $ nsSNMPLocation $ nsSNMPContact $ nsSNMPDescription $ nsSNMPName $ nsSNMPMasterHost $ nsSNMPMasterPort ) X-ORIGIN 'Netscape Directory Server' ) +diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c +index 6a09aea..f8b2cea 100644 +--- a/ldap/servers/plugins/replication/cl5_api.c ++++ b/ldap/servers/plugins/replication/cl5_api.c +@@ -310,7 +310,7 @@ static int _cl5WriteBervals (struct berval **bv, char** buff, u_int32_t *size); + static PRBool _cl5ValidReplayIterator (const CL5ReplayIterator *iterator); + #endif + static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consumerRuv, +- Object *replica, Object *fileObject, CL5ReplayIterator **iterator); ++ Object *replica, Object *fileObject, CL5ReplayIterator **iterator, int *continue_on_missing); + static int _cl5CheckMissingCSN (const CSN *minCsn, const RUV *supplierRUV, CL5DBFile *file); + + /* changelog trimming */ +@@ -1536,7 +1536,7 @@ int cl5CreateReplayIteratorEx (Private_Repl_Protocol *prp, const RUV *consumerRu + /* iterate through the ruv in csn order to find first master for which + we can replay changes */ + +- rc = _cl5PositionCursorForReplay (consumerRID, consumerRuv, replica, obj, iterator); ++ rc = _cl5PositionCursorForReplay (consumerRID, consumerRuv, replica, obj, iterator, NULL); + } + else + { +@@ -1597,7 +1597,13 @@ int cl5CreateReplayIterator (Private_Repl_Protocol *prp, const RUV *consumerRuv, + /* iterate through the ruv in csn order to find first master for which + we can replay changes */ + ReplicaId consumerRID = agmt_get_consumer_rid ( prp->agmt, prp->conn ); +- rc = _cl5PositionCursorForReplay (consumerRID, consumerRuv, replica, obj, iterator); ++ int continue_on_missing = agmt_get_ignoremissing ( prp->agmt); ++ int save_cont_miss = continue_on_missing; ++ rc = _cl5PositionCursorForReplay (consumerRID, consumerRuv, replica, obj, iterator, &continue_on_missing); ++ if (save_cont_miss == 1 && continue_on_missing ==0) { ++ /* the option to continue once on a missing csn was used, rest */ ++ agmt_set_ignoremissing ( prp->agmt, 0); ++ } + } + else + { +@@ -5516,7 +5522,7 @@ struct replica_hash_entry + + + static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consumerRuv, +- Object *replica, Object *fileObj, CL5ReplayIterator **iterator) ++ Object *replica, Object *fileObj, CL5ReplayIterator **iterator, int *continue_on_missing) + { + CLC_Buffer *clcache = NULL; + CL5DBFile *file; +@@ -5560,7 +5566,7 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum + rc = clcache_get_buffer ( &clcache, file->db, consumerRID, consumerRuv, supplierRuv ); + if ( rc != 0 ) goto done; + +- rc = clcache_load_buffer (clcache, &startCSN); ++ rc = clcache_load_buffer (clcache, &startCSN, continue_on_missing); + + if (rc == 0) { + haveChanges = PR_TRUE; +diff --git a/ldap/servers/plugins/replication/cl5_clcache.c b/ldap/servers/plugins/replication/cl5_clcache.c +index ca8b841..47789f4 100644 +--- a/ldap/servers/plugins/replication/cl5_clcache.c ++++ b/ldap/servers/plugins/replication/cl5_clcache.c +@@ -324,7 +324,7 @@ clcache_return_buffer ( CLC_Buffer **buf ) + * historic reason. + */ + int +-clcache_load_buffer ( CLC_Buffer *buf, CSN **anchorCSN ) ++clcache_load_buffer ( CLC_Buffer *buf, CSN **anchorCSN, int *continue_on_miss ) + { + int rc = 0; + int flag = DB_NEXT; +@@ -345,6 +345,22 @@ clcache_load_buffer ( CLC_Buffer *buf, CSN **anchorCSN ) + if (anchorCSN) *anchorCSN = buf->buf_current_csn; + rc = clcache_load_buffer_bulk ( buf, flag ); + ++ if (rc == DB_NOTFOUND && continue_on_miss && *continue_on_miss) { ++ /* make replication going using next best startcsn */ ++ slapi_log_error(SLAPI_LOG_FATAL, buf->buf_agmt_name, ++ "clcache_load_buffer - Can't load changelog buffer starting at CSN %s with flag(%s). " ++ "Trying to use an alterantive start CSN.\n", ++ (char*)buf->buf_key.data, ++ flag==DB_NEXT?"DB_NEXT":"DB_SET" ); ++ rc = clcache_load_buffer_bulk ( buf, DB_SET_RANGE ); ++ if (rc == 0) { ++ slapi_log_error(SLAPI_LOG_FATAL, buf->buf_agmt_name, ++ "clcache_load_buffer - Using alternative start iteration csn: %s \n", ++ (char*)buf->buf_key.data); ++ } ++ /* the use of alternative start csns can be limited, record its usage */ ++ (*continue_on_miss)--; ++ } + /* Reset some flag variables */ + if ( rc == 0 ) { + int i; +@@ -407,23 +423,6 @@ retry: + & buf->buf_key, + & buf->buf_data, + DB_SET ); +- if (rc == DB_NOTFOUND) { +- /* the start position in the changelog is not found +- * 1. log an error +- * 2. try to find another starting position as close +- * as possible +- */ +- slapi_log_error ( SLAPI_LOG_FATAL, "clcache_load_buffer_bulk", +- "changelog record with csn (%s) not found for DB_NEXT\n", +- (char *)buf->buf_key.data ); +- rc = cursor->c_get ( cursor, & buf->buf_key, & buf->buf_data, +- DB_SET_RANGE ); +- /* this moves the cursor ahead of the tageted csn, +- * so we achieved what was intended with DB_SET/DB_NEXT +- * continute at this csn. +- */ +- use_flag = DB_CURRENT; +- } + } + + /* +@@ -432,12 +431,6 @@ retry: + */ + if ( 0 == rc || DB_BUFFER_SMALL == rc ) { + rc = clcache_cursor_get ( cursor, buf, use_flag ); +- if ( rc == DB_NOTFOUND && use_flag == DB_SET) { +- slapi_log_error ( SLAPI_LOG_FATAL, "clcache_load_buffer_bulk", +- "changelog record with csn (%s) not found for DB_SET\n", +- (char *)buf->buf_key.data ); +- rc = clcache_cursor_get ( cursor, buf, DB_SET_RANGE ); +- } + } + + } +@@ -511,7 +504,7 @@ clcache_get_next_change ( CLC_Buffer *buf, void **key, size_t *keylen, void **da + * We're done with the current buffer. Now load the next chunk. + */ + if ( NULL == *key && CLC_STATE_READY == buf->buf_state ) { +- rc = clcache_load_buffer ( buf, NULL ); ++ rc = clcache_load_buffer ( buf, NULL, NULL ); + if ( 0 == rc && buf->buf_record_ptr ) { + DB_MULTIPLE_KEY_NEXT ( buf->buf_record_ptr, &buf->buf_data, + *key, *keylen, *data, *datalen ); +diff --git a/ldap/servers/plugins/replication/cl5_clcache.h b/ldap/servers/plugins/replication/cl5_clcache.h +index 75b2817..6809542 100644 +--- a/ldap/servers/plugins/replication/cl5_clcache.h ++++ b/ldap/servers/plugins/replication/cl5_clcache.h +@@ -23,7 +23,7 @@ typedef struct clc_buffer CLC_Buffer; + int clcache_init ( DB_ENV **dbenv ); + void clcache_set_config (); + int clcache_get_buffer ( CLC_Buffer **buf, DB *db, ReplicaId consumer_rid, const RUV *consumer_ruv, const RUV *local_ruv ); +-int clcache_load_buffer ( CLC_Buffer *buf, CSN **anchorCSN ); ++int clcache_load_buffer ( CLC_Buffer *buf, CSN **anchorCSN, int *continue_on_miss ); + void clcache_return_buffer ( CLC_Buffer **buf ); + int clcache_get_next_change ( CLC_Buffer *buf, void **key, size_t *keylen, void **data, size_t *datalen, CSN **csn ); + void clcache_destroy (); +diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h +index 13a38fd..6582876 100644 +--- a/ldap/servers/plugins/replication/repl5.h ++++ b/ldap/servers/plugins/replication/repl5.h +@@ -154,6 +154,7 @@ extern const char *type_replicaReleaseTimeout; + extern const char *type_replicaBackoffMin; + extern const char *type_replicaBackoffMax; + extern const char *type_replicaPrecisePurge; ++extern const char *type_replicaIgnoreMissingChange; + + /* Attribute names for windows replication agreements */ + extern const char *type_nsds7WindowsReplicaArea; +@@ -317,6 +318,7 @@ long agmt_get_busywaittime(const Repl_Agmt *ra); + long agmt_get_pausetime(const Repl_Agmt *ra); + long agmt_get_flowcontrolwindow(const Repl_Agmt *ra); + long agmt_get_flowcontrolpause(const Repl_Agmt *ra); ++long agmt_get_ignoremissing(const Repl_Agmt *ra); + int agmt_start(Repl_Agmt *ra); + int windows_agmt_start(Repl_Agmt *ra); + int agmt_stop(Repl_Agmt *ra); +@@ -339,6 +341,7 @@ int agmt_set_schedule_from_entry( Repl_Agmt *ra, const Slapi_Entry *e ); + int agmt_set_timeout_from_entry( Repl_Agmt *ra, const Slapi_Entry *e ); + int agmt_set_flowcontrolwindow_from_entry(Repl_Agmt *ra, const Slapi_Entry *e); + int agmt_set_flowcontrolpause_from_entry(Repl_Agmt *ra, const Slapi_Entry *e); ++int agmt_set_ignoremissing_from_entry(Repl_Agmt *ra, const Slapi_Entry *e); + int agmt_set_busywaittime_from_entry( Repl_Agmt *ra, const Slapi_Entry *e ); + int agmt_set_pausetime_from_entry( Repl_Agmt *ra, const Slapi_Entry *e ); + int agmt_set_credentials_from_entry( Repl_Agmt *ra, const Slapi_Entry *e ); +@@ -385,6 +388,7 @@ int agmt_set_enabled_from_entry(Repl_Agmt *ra, Slapi_Entry *e, char *returntext) + char **agmt_get_attrs_to_strip(Repl_Agmt *ra); + int agmt_set_attrs_to_strip(Repl_Agmt *ra, Slapi_Entry *e); + int agmt_set_timeout(Repl_Agmt *ra, long timeout); ++int agmt_set_ignoremissing(Repl_Agmt *ra, long ignoremissing); + void agmt_update_done(Repl_Agmt *ra, int is_total); + PRUint64 agmt_get_protocol_timeout(Repl_Agmt *agmt); + void agmt_set_protocol_timeout(Repl_Agmt *agmt, PRUint64 timeout); +diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c +index 52cc8b6..b089f97 100644 +--- a/ldap/servers/plugins/replication/repl5_agmt.c ++++ b/ldap/servers/plugins/replication/repl5_agmt.c +@@ -124,6 +124,7 @@ typedef struct repl5agmt { + long flowControlPause; /* When nb of not acknowledged entries overpass totalUpdateWindow + * This is the duration (in msec) that the RA will pause before sending the next entry + */ ++ long ignoreMissingChange; /* if set replication will try to continue even if change cannot be found in changelog */ + Slapi_RWLock *attr_lock; /* RW lock for all the stripped attrs */ + int WaitForAsyncResults; /* Pass to DS_Sleep(PR_MillisecondsToInterval(WaitForAsyncResults)) + * in repl5_inc_waitfor_async_results */ +@@ -137,6 +138,7 @@ static int get_agmt_status(Slapi_PBlock *pb, Slapi_Entry* e, + static int agmt_set_bind_method_no_lock(Repl_Agmt *ra, const Slapi_Entry *e); + static int agmt_set_transportinfo_no_lock(Repl_Agmt *ra, const Slapi_Entry *e); + static ReplicaId agmt_maxcsn_get_rid(char *maxcsn); ++static void agmt_replica_reset_ignoremissing (const Repl_Agmt *agmt); + + /* + Schema for replication agreement: +@@ -349,6 +351,21 @@ agmt_new_from_entry(Slapi_Entry *e) + } + } + ++ /* continue on missing change ? */ ++ ra->ignoreMissingChange = 0; ++ tmpstr = slapi_entry_attr_get_charptr(e, type_replicaIgnoreMissingChange); ++ if (NULL != tmpstr) ++ { ++ if (strcasecmp(tmpstr,"off") == 0 || strcasecmp(tmpstr,"never") == 0) { ++ ra->ignoreMissingChange = 0; ++ } else if (strcasecmp(tmpstr,"on") == 0 || strcasecmp(tmpstr,"once") == 0) { ++ ra->ignoreMissingChange = 1; ++ } else if (strcasecmp(tmpstr,"always") == 0) { ++ ra->ignoreMissingChange = -1; ++ } ++ slapi_ch_free_string(&tmpstr); ++ } ++ + /* DN of entry at root of replicated area */ + tmpstr = slapi_entry_attr_get_charptr(e, type_nsds5ReplicaRoot); + if (NULL != tmpstr) +@@ -1131,6 +1148,16 @@ agmt_get_flowcontrolpause(const Repl_Agmt *ra) + PR_Unlock(ra->lock); + return return_value; + } ++long ++agmt_get_ignoremissing(const Repl_Agmt *ra) ++{ ++ long return_value; ++ PR_ASSERT(NULL != ra); ++ PR_Lock(ra->lock); ++ return_value = ra->ignoreMissingChange; ++ PR_Unlock(ra->lock); ++ return return_value; ++} + /* + * Warning - reference to the long name of the agreement is returned. + * The long name of an agreement is the DN of the agreement entry, +@@ -1996,6 +2023,48 @@ agmt_set_flowcontrolpause_from_entry(Repl_Agmt *ra, const Slapi_Entry *e) + } + return return_value; + } ++/* add comment here */ ++int ++agmt_set_ignoremissing_from_entry(Repl_Agmt *ra, const Slapi_Entry *e) ++{ ++ Slapi_Attr *sattr = NULL; ++ int return_value = -1; ++ ++ PR_ASSERT(NULL != ra); ++ PR_Lock(ra->lock); ++ if (ra->stop_in_progress) ++ { ++ PR_Unlock(ra->lock); ++ return return_value; ++ } ++ ++ slapi_entry_attr_find(e, type_replicaIgnoreMissingChange, &sattr); ++ if (NULL != sattr) ++ { ++ Slapi_Value *sval = NULL; ++ slapi_attr_first_value(sattr, &sval); ++ if (NULL != sval) ++ { ++ const char *tmpval = slapi_value_get_string(sval); ++ if (strcasecmp(tmpval,"off") == 0 || strcasecmp(tmpval,"never") == 0) { ++ ra->ignoreMissingChange = 0; ++ return_value = 0; ++ } else if (strcasecmp(tmpval,"on") == 0 || strcasecmp(tmpval,"once") == 0) { ++ ra->ignoreMissingChange = 1; ++ return_value = 0; ++ } else if (strcasecmp(tmpval,"always") == 0) { ++ ra->ignoreMissingChange = -1; ++ return_value = 0; ++ } ++ } ++ } ++ PR_Unlock(ra->lock); ++ if (return_value == 0) ++ { ++ prot_notify_agmt_changed(ra->protocol, ra->long_name); ++ } ++ return return_value; ++} + + int + agmt_set_timeout(Repl_Agmt *ra, long timeout) +@@ -2036,6 +2105,20 @@ agmt_set_flowcontrolpause(Repl_Agmt *ra, long pause) + + return 0; + } ++int ++agmt_set_ignoremissing(Repl_Agmt *ra, long ignoremissing) ++{ ++ PR_Lock(ra->lock); ++ if (ra->stop_in_progress){ ++ PR_Unlock(ra->lock); ++ return -1; ++ } ++ ra->ignoreMissingChange = ignoremissing; ++ PR_Unlock(ra->lock); ++ /* if reset to 0 update the entry */ ++ agmt_replica_reset_ignoremissing(ra); ++ return 0; ++} + + /* + * Set or reset the busywaittime +@@ -2272,6 +2355,37 @@ agmt_replica_init_done (const Repl_Agmt *agmt) + slapi_pblock_destroy (pb); + } + ++ ++/* delete nsds5replicaIgnoreMissingChange attribute */ ++static void ++agmt_replica_reset_ignoremissing (const Repl_Agmt *agmt) ++{ ++ int rc; ++ Slapi_PBlock *pb = slapi_pblock_new (); ++ LDAPMod *mods [2]; ++ LDAPMod mod; ++ ++ mods[0] = &mod; ++ mods[1] = NULL; ++ mod.mod_op = LDAP_MOD_DELETE | LDAP_MOD_BVALUES; ++ mod.mod_type = (char*)type_replicaIgnoreMissingChange; ++ mod.mod_bvalues = NULL; ++ ++ slapi_modify_internal_set_pb_ext(pb, agmt->dn, mods, NULL/* controls */, ++ NULL/* uniqueid */, repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0/* flags */); ++ slapi_modify_internal_pb (pb); ++ ++ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc); ++ if (rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_ATTRIBUTE) ++ { ++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "agmt_replica_ignoremissing: " ++ "failed to remove (%s) attribute from (%s) entry; LDAP error - %d\n", ++ type_replicaIgnoreMissingChange, slapi_sdn_get_ndn (agmt->dn), rc); ++ } ++ ++ slapi_pblock_destroy (pb); ++} ++ + /* Agreement object is acquired on behalf of the caller. + The caller is responsible for releasing the object + when it is no longer used */ +diff --git a/ldap/servers/plugins/replication/repl5_agmtlist.c b/ldap/servers/plugins/replication/repl5_agmtlist.c +index f50862f..2e6a7de 100644 +--- a/ldap/servers/plugins/replication/repl5_agmtlist.c ++++ b/ldap/servers/plugins/replication/repl5_agmtlist.c +@@ -399,6 +399,19 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry + } + } + else if (slapi_attr_types_equivalent(mods[i]->mod_type, ++ type_replicaIgnoreMissingChange)) ++ { ++ /* New replica timeout */ ++ if (agmt_set_ignoremissing_from_entry(agmt, e) != 0) ++ { ++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "agmtlist_modify_callback - " ++ "Failed to update the ignorMissingChange attribute for agreement %s\n", ++ agmt_get_long_name(agmt)); ++ *returncode = LDAP_OPERATIONS_ERROR; ++ rc = SLAPI_DSE_CALLBACK_ERROR; ++ } ++ } ++ else if (slapi_attr_types_equivalent(mods[i]->mod_type, + type_nsds5ReplicaBusyWaitTime)) + { + /* New replica busywaittime */ +diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c +index d1de6c5..5ab865a 100644 +--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c ++++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c +@@ -1706,16 +1706,18 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu + agmt_get_long_name(prp->agmt)); + agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR, + "Data required to update replica has been purged from the changelog. " +- "The replica must be reinitialized."); +- return_value = UPDATE_FATAL_ERROR; ++ "If the error persists the replica must be reinitialized."); ++ return_value = UPDATE_TRANSIENT_ERROR; + break; + case CL5_MISSING_DATA: /* data should be in the changelog, but is missing */ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, +- "%s: Missing data encountered\n", ++ "send_updates - %s: Missing data encountered. " ++ "If the error persists the replica must be reinitialized.\n", + agmt_get_long_name(prp->agmt)); + agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR, +- "Changelog data is missing"); +- return_value = UPDATE_FATAL_ERROR; ++ "Changelog data is missing. " ++ "If the error persists the replica must be reinitialized."); ++ return_value = UPDATE_TRANSIENT_ERROR; + break; + case CL5_UNKNOWN_ERROR: /* unclassified error */ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, +diff --git a/ldap/servers/plugins/replication/repl_globals.c b/ldap/servers/plugins/replication/repl_globals.c +index 8b891fb..ab85e7f 100644 +--- a/ldap/servers/plugins/replication/repl_globals.c ++++ b/ldap/servers/plugins/replication/repl_globals.c +@@ -114,6 +114,7 @@ const char *type_nsds5ReplicaStripAttrs = "nsds5ReplicaStripAttrs"; + const char* type_nsds5ReplicaFlowControlWindow = "nsds5ReplicaFlowControlWindow"; + const char* type_nsds5ReplicaFlowControlPause = "nsds5ReplicaFlowControlPause"; + const char *type_nsds5WaitForAsyncResults = "nsds5ReplicaWaitForAsyncResults"; ++const char* type_replicaIgnoreMissingChange = "nsds5ReplicaIgnoreMissingChange"; + + /* windows sync specific attributes */ + const char *type_nsds7WindowsReplicaArea = "nsds7WindowsReplicaSubtree"; +-- +2.4.11 + diff --git a/SOURCES/0058-Ticket-48964-cleanallruv-changelog-purging-removes-w.patch b/SOURCES/0058-Ticket-48964-cleanallruv-changelog-purging-removes-w.patch new file mode 100644 index 0000000..f6b2874 --- /dev/null +++ b/SOURCES/0058-Ticket-48964-cleanallruv-changelog-purging-removes-w.patch @@ -0,0 +1,209 @@ +From abd1c1d0e098dfd071ab12dad075870d88495783 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Thu, 22 Dec 2016 14:38:27 -0500 +Subject: [PATCH] Ticket 48964 - cleanallruv changelog purging removes wrong + rid + +Bug Description: A regression from the previous patch uses the local replica + object to locate the correct changelog file, but the rid to + be clean is not the same rid from the replica object. So the + local replica object's rid is used accidentally to purge the + change log. + +Fix Description: Instead if passing the replica object to the changelog purging + code, create a new purge_data struct to hold all the neccessary + data to purge the correct changelog file and the cleaned rid. + +https://fedorahosted.org/389/ticket/48964 + +Reviewed by: nhosoi(Thanks!) + +(cherry picked from commit a38d76d27970b5b6facf2ffbd1bce9d6979e6297) +(cherry picked from commit 4053587d5dfb9c4b4e5cd966cabb1adc624511d6) +--- + ldap/servers/plugins/replication/cl5_api.c | 54 +++++++++++++--------- + ldap/servers/plugins/replication/cl5_api.h | 2 +- + ldap/servers/plugins/replication/repl5.h | 8 ++++ + .../plugins/replication/repl5_replica_config.c | 12 ++++- + 4 files changed, 50 insertions(+), 26 deletions(-) + +diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c +index f8b2cea..66c2677 100644 +--- a/ldap/servers/plugins/replication/cl5_api.c ++++ b/ldap/servers/plugins/replication/cl5_api.c +@@ -3500,12 +3500,12 @@ static void _cl5DoTrimming () + * changelog for the backend that is being cleaned, and purge all the records + * with the cleaned rid. + */ +-static void _cl5DoPurging (Replica *replica) ++static void _cl5DoPurging (cleanruv_purge_data *purge_data) + { +- ReplicaId rid = replica_get_rid(replica); +- const Slapi_DN *sdn = replica_get_root(replica); +- const char *replName = replica_get_name(replica); +- char *replGen = replica_get_generation(replica); ++ ReplicaId rid = purge_data->cleaned_rid; ++ const Slapi_DN *suffix_sdn = purge_data->suffix_sdn; ++ const char *replName = purge_data->replName; ++ char *replGen = purge_data->replGen; + char *fileName; + Object *obj; + +@@ -3517,18 +3517,15 @@ static void _cl5DoPurging (Replica *replica) + _cl5PurgeRID (obj, rid); + object_release (obj); + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, +- "Purged rid (%d) from suffix (%s)\n", +- rid, slapi_sdn_get_dn(sdn)); ++ "_cl5DoPurging - Purged rid (%d) from suffix (%s)\n", ++ rid, slapi_sdn_get_dn(suffix_sdn)); + } else { + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, +- "Purge rid (%d) failed to find changelog file (%s) for suffix (%s)\n", +- rid, fileName, slapi_sdn_get_dn(sdn)); ++ "_cl5DoPurging - Purge rid (%d) failed to find changelog file (%s) for suffix (%s)\n", ++ rid, fileName, slapi_sdn_get_dn(suffix_sdn)); + } + PR_Unlock (s_cl5Desc.dbTrim.lock); + +- slapi_ch_free_string(&replGen); +- slapi_ch_free_string(&fileName); +- + return; + } + +@@ -6983,19 +6980,27 @@ cl5CleanRUV(ReplicaId rid){ + slapi_rwlock_unlock (s_cl5Desc.stLock); + } + ++static void free_purge_data(cleanruv_purge_data *purge_data) ++{ ++ slapi_ch_free_string(&purge_data->replGen); ++ slapi_ch_free_string(&purge_data->replName); ++ slapi_ch_free((void **)&purge_data); ++} ++ + /* + * Create a thread to purge a changelog of cleaned RIDs + */ +-void trigger_cl_purging(Replica *replica){ ++void trigger_cl_purging(cleanruv_purge_data *purge_data){ + PRThread *trim_tid = NULL; + + trim_tid = PR_CreateThread(PR_USER_THREAD, (VFP)(void*)trigger_cl_purging_thread, +- (void *)replica, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, ++ (void *)purge_data, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, + PR_UNJOINABLE_THREAD, DEFAULT_THREAD_STACKSIZE); + if (NULL == trim_tid){ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, +- "trigger_cl_purging: failed to create trimming " ++ "trigger_cl_purging: failed to create cl trimming " + "thread; NSPR error - %d\n", PR_GetError ()); ++ free_purge_data(purge_data); + } else { + /* need a little time for the thread to get started */ + DS_Sleep(PR_SecondsToInterval(1)); +@@ -7007,13 +7012,12 @@ void trigger_cl_purging(Replica *replica){ + */ + void + trigger_cl_purging_thread(void *arg){ +- Replica *replica = (Replica *)arg; ++ cleanruv_purge_data *purge_data = (cleanruv_purge_data *)arg; + + /* Make sure we have a change log, and we aren't closing it */ +- if (replica == NULL || +- s_cl5Desc.dbState == CL5_STATE_CLOSED || ++ if (s_cl5Desc.dbState == CL5_STATE_CLOSED || + s_cl5Desc.dbState == CL5_STATE_CLOSING) { +- return; ++ goto free_and_return; + } + + /* Bump the changelog thread count */ +@@ -7021,13 +7025,17 @@ trigger_cl_purging_thread(void *arg){ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, + "trigger_cl_purging: Abort - failed to increment thread count " + "NSPR error - %d\n", PR_GetError ()); +- return; ++ goto free_and_return; + } + + /* Purge the changelog */ +- _cl5DoPurging(replica); ++ _cl5DoPurging(purge_data); + _cl5RemoveThread(); ++ + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, +- "trigger_cl_purging: purged changelog for (%s) rid (%d)\n", +- slapi_sdn_get_dn(replica_get_root(replica)), replica_get_rid(replica)); ++ "trigger_cl_purging_thread - purged changelog for (%s) rid (%d)\n", ++ slapi_sdn_get_dn(purge_data->suffix_sdn), purge_data->cleaned_rid); ++ ++free_and_return: ++ free_purge_data(purge_data); + } +diff --git a/ldap/servers/plugins/replication/cl5_api.h b/ldap/servers/plugins/replication/cl5_api.h +index 1a1c2f5..e33601d 100644 +--- a/ldap/servers/plugins/replication/cl5_api.h ++++ b/ldap/servers/plugins/replication/cl5_api.h +@@ -467,6 +467,6 @@ int cl5WriteRUV(); + int cl5DeleteRUV(); + void cl5CleanRUV(ReplicaId rid); + void cl5NotifyCleanup(int rid); +-void trigger_cl_purging(Replica *replica); ++void trigger_cl_purging(cleanruv_purge_data *purge_data); + + #endif +diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h +index 6582876..4ab2355 100644 +--- a/ldap/servers/plugins/replication/repl5.h ++++ b/ldap/servers/plugins/replication/repl5.h +@@ -704,6 +704,14 @@ typedef struct _cleanruv_data + char *force; + } cleanruv_data; + ++typedef struct _cleanruv_purge_data ++{ ++ int cleaned_rid; ++ const Slapi_DN *suffix_sdn; ++ char *replName; ++ char *replGen; ++} cleanruv_purge_data; ++ + /* replutil.c */ + LDAPControl* create_managedsait_control (); + LDAPControl* create_backend_control(Slapi_DN *sdn); +diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c +index 59e5298..d78d982 100644 +--- a/ldap/servers/plugins/replication/repl5_replica_config.c ++++ b/ldap/servers/plugins/replication/repl5_replica_config.c +@@ -1434,6 +1434,7 @@ replica_execute_cleanruv_task (Object *r, ReplicaId rid, char *returntext /* not + Object *RUVObj; + RUV *local_ruv = NULL; + Replica *replica = (Replica*)object_get_data (r); ++ cleanruv_purge_data *purge_data; + int rc = 0; + PR_ASSERT (replica); + +@@ -1465,9 +1466,16 @@ replica_execute_cleanruv_task (Object *r, ReplicaId rid, char *returntext /* not + cl5CleanRUV(rid); + + /* +- * Now purge the changelog ++ * Now purge the changelog. The purging thread will free the purge_data + */ +- trigger_cl_purging(replica); ++ if (replica){ ++ purge_data = (cleanruv_purge_data*)slapi_ch_calloc(1, sizeof(cleanruv_purge_data)); ++ purge_data->cleaned_rid = rid; ++ purge_data->suffix_sdn = replica_get_root(replica); ++ purge_data->replName = (char *)replica_get_name(replica); ++ purge_data->replGen = replica_get_generation(replica); ++ trigger_cl_purging(purge_data); ++ } + + if (rc != RUV_SUCCESS){ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "cleanruv_task: task failed(%d)\n",rc); +-- +2.7.4 + diff --git a/SOURCES/0059-Ticket-48964-should-not-free-repl-name-after-purging.patch b/SOURCES/0059-Ticket-48964-should-not-free-repl-name-after-purging.patch new file mode 100644 index 0000000..092004a --- /dev/null +++ b/SOURCES/0059-Ticket-48964-should-not-free-repl-name-after-purging.patch @@ -0,0 +1,65 @@ +From dd5fdbfea9fdd0ac6624faf6b6aa84c5861d824a Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Wed, 4 Jan 2017 09:41:38 -0500 +Subject: [PATCH 59/60] Ticket 48964 - should not free repl name after purging + changelog + +Bug Description: The previous commit for this ticket incorrectly + freed a replica struct const char. There was also + a minor converity issue. + +Fix Description: Do not free the repl_name after purging, and do + not check if "replica" is NULL when creating the + purge data. + +https://fedorahosted.org/389/ticket/48964 + +Reviewed by: tbordaz(Thanks!) + +(cherry picked from commit 017469a1a055da03fc3fb4b34a7732611b7bd2b0) +(cherry picked from commit 0929992503e143aaaa3cbfcafc4de170217ae0bc) +--- + ldap/servers/plugins/replication/cl5_api.c | 1 - + ldap/servers/plugins/replication/repl5_replica_config.c | 14 ++++++-------- + 2 files changed, 6 insertions(+), 9 deletions(-) + +diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c +index 66c2677..e72633a 100644 +--- a/ldap/servers/plugins/replication/cl5_api.c ++++ b/ldap/servers/plugins/replication/cl5_api.c +@@ -6983,7 +6983,6 @@ cl5CleanRUV(ReplicaId rid){ + static void free_purge_data(cleanruv_purge_data *purge_data) + { + slapi_ch_free_string(&purge_data->replGen); +- slapi_ch_free_string(&purge_data->replName); + slapi_ch_free((void **)&purge_data); + } + +diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c +index d78d982..d10443d 100644 +--- a/ldap/servers/plugins/replication/repl5_replica_config.c ++++ b/ldap/servers/plugins/replication/repl5_replica_config.c +@@ -1468,14 +1468,12 @@ replica_execute_cleanruv_task (Object *r, ReplicaId rid, char *returntext /* not + /* + * Now purge the changelog. The purging thread will free the purge_data + */ +- if (replica){ +- purge_data = (cleanruv_purge_data*)slapi_ch_calloc(1, sizeof(cleanruv_purge_data)); +- purge_data->cleaned_rid = rid; +- purge_data->suffix_sdn = replica_get_root(replica); +- purge_data->replName = (char *)replica_get_name(replica); +- purge_data->replGen = replica_get_generation(replica); +- trigger_cl_purging(purge_data); +- } ++ purge_data = (cleanruv_purge_data*)slapi_ch_calloc(1, sizeof(cleanruv_purge_data)); ++ purge_data->cleaned_rid = rid; ++ purge_data->suffix_sdn = replica_get_root(replica); ++ purge_data->replName = (char *)replica_get_name(replica); ++ purge_data->replGen = replica_get_generation(replica); ++ trigger_cl_purging(purge_data); + + if (rc != RUV_SUCCESS){ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "cleanruv_task: task failed(%d)\n",rc); +-- +2.9.3 + diff --git a/SOURCES/0060-Ticket-49074-incompatible-nsEncryptionConfig-object-.patch b/SOURCES/0060-Ticket-49074-incompatible-nsEncryptionConfig-object-.patch new file mode 100644 index 0000000..88b156a --- /dev/null +++ b/SOURCES/0060-Ticket-49074-incompatible-nsEncryptionConfig-object-.patch @@ -0,0 +1,57 @@ +From fa0f215525e9bdfebdb0f84ab8e03b23dcb8197e Mon Sep 17 00:00:00 2001 +From: Thierry Bordaz +Date: Wed, 21 Dec 2016 16:31:48 +0100 +Subject: [PATCH 60/60] Ticket 49074 - incompatible nsEncryptionConfig object + definition prevents RHEL 7->6 schema replication + +Bug Description: + nsEncryptionConfig schema definition diverge since 1.3.x and 1.2.11.15-83. + Schema learning mechanism does not merge definition so the schema can not be pushed RHEL7->6. + This triggers schema violation errors + +Fix Description: + Defines nsTLS10, nsTLS11 and nsTLS12 attributetypes and add them to the allowed + attributes list of nsEncryptionConfig + +https://fedorahosted.org/389/ticket/49074 + +Reviewed by: Noriko Hosoi (thanks!!) + +Platforms tested: RHEL7.3 vs RHEL6.8 and RHEL6.9 + +Flag Day: no + +Doc impact: no + +(cherry picked from commit 64a425e4ea868bc1f08145490a7c8c9cf5c91581) +(cherry picked from commit 238d3c74a6a289f4af2b6fdb66173df7840ff981) +--- + ldap/schema/01core389.ldif | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/ldap/schema/01core389.ldif b/ldap/schema/01core389.ldif +index dfa4729..5e5f69f 100644 +--- a/ldap/schema/01core389.ldif ++++ b/ldap/schema/01core389.ldif +@@ -91,6 +91,9 @@ attributeTypes: ( nsKeyfile-oid NAME 'nsKeyfile' DESC 'Netscape defined attribut + attributeTypes: ( nsSSL2-oid NAME 'nsSSL2' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) + attributeTypes: ( nsSSL3-oid NAME 'nsSSL3' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) + attributeTypes: ( nsTLS1-oid NAME 'nsTLS1' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) ++attributeTypes: ( nsTLS10-oid NAME 'nsTLS10' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) ++attributeTypes: ( nsTLS11-oid NAME 'nsTLS11' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) ++attributeTypes: ( nsTLS12-oid NAME 'nsTLS12' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) + attributeTypes: ( sslVersionMin-oid NAME 'sslVersionMin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) + attributeTypes: ( sslVersionMax-oid NAME 'sslVersionMax' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) + attributeTypes: ( nsSSLClientAuth-oid NAME 'nsSSLClientAuth' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +@@ -314,7 +317,7 @@ objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC + objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' ) + objectClasses: ( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) MAY ( nsSaslMapPriority ) X-ORIGIN 'Netscape Directory Server' ) + objectClasses: ( 2.16.840.1.113730.3.2.43 NAME 'nsSNMP' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSNMPEnabled ) MAY ( nsSNMPOrganization $ nsSNMPLocation $ nsSNMPContact $ nsSNMPDescription $ nsSNMPName $ nsSNMPMasterHost $ nsSNMPMasterPort ) X-ORIGIN 'Netscape Directory Server' ) +-objectClasses: ( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsCertfile $ nsKeyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ sslVersionMin $ sslVersionMax $ nsSSLSessionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsSSL3Ciphers $ nsSSLSupportedCiphers $ allowWeakCipher $ CACertExtractFile $ allowWeakDHParam ) X-ORIGIN 'Netscape' ) ++objectClasses: ( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsCertfile $ nsKeyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ nsTLS10 $ nsTLS11 $ nsTLS12 $ sslVersionMin $ sslVersionMax $ nsSSLSessionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsSSL3Ciphers $ nsSSLSupportedCiphers $ allowWeakCipher $ CACertExtractFile $ allowWeakDHParam ) X-ORIGIN 'Netscape' ) + objectClasses: ( nsEncryptionModule-oid NAME 'nsEncryptionModule' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsSSLToken $ nsSSLPersonalityssl $ nsSSLActivation $ ServerKeyExtractFile $ ServerCertExtractFile ) X-ORIGIN 'Netscape' ) + objectClasses: ( 2.16.840.1.113730.3.2.327 NAME 'rootDNPluginConfig' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( rootdn-open-time $ rootdn-close-time $ rootdn-days-allowed $ rootdn-allow-host $ rootdn-deny-host $ rootdn-allow-ip $ rootdn-deny-ip ) X-ORIGIN 'Netscape' ) + objectClasses: ( 2.16.840.1.113730.3.2.328 NAME 'nsSchemaPolicy' DESC 'Netscape defined objectclass' SUP top MAY ( cn $ schemaUpdateObjectclassAccept $ schemaUpdateObjectclassReject $ schemaUpdateAttributeAccept $ schemaUpdateAttributeReject) X-ORIGIN 'Netscape Directory Server' ) +-- +2.9.3 + diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec index db66f3e..02002a0 100644 --- a/SPECS/389-ds-base.spec +++ b/SPECS/389-ds-base.spec @@ -34,7 +34,7 @@ Summary: 389 Directory Server (base) Name: 389-ds-base Version: 1.3.5.10 -Release: %{?relprefix}12%{?prerel}%{?dist} +Release: %{?relprefix}15%{?prerel}%{?dist} License: GPLv3+ URL: https://port389.org/ Group: System Environment/Daemons @@ -191,6 +191,11 @@ Patch52: 0052-Ticket-48909-Replication-stops-working-in-FIPS-mode.patch Patch53: 0053-Ticket-49014-ns-accountstatus.pl-shows-wrong-status-.patch Patch54: 0054-Ticket-49009-args-debug-logging-must-be-more-restric.patch Patch55: 0055-Ticket-48328-Add-missing-dependency.patch +Patch56: 0056-Ticket-48133-v2-Non-tombstone-entry-which-dn-startin.patch +Patch57: 0057-Ticket-49020-do-not-treat-missing-csn-as-fatal.patch +Patch58: 0058-Ticket-48964-cleanallruv-changelog-purging-removes-w.patch +Patch59: 0059-Ticket-48964-should-not-free-repl-name-after-purging.patch +Patch60: 0060-Ticket-49074-incompatible-nsEncryptionConfig-object-.patch %description 389 Directory Server is an LDAPv3 compliant server. The base package includes @@ -332,6 +337,11 @@ cp %{SOURCE2} README.devel %patch53 -p1 %patch54 -p1 %patch55 -p1 +%patch56 -p1 +%patch57 -p1 +%patch58 -p1 +%patch59 -p1 +%patch60 -p1 %build %if %{use_nunc_stans} @@ -569,6 +579,20 @@ fi %{_sysconfdir}/%{pkgname}/dirsrvtests %changelog +* Wed Jan 4 2017 Noriko Hosoi - 1.3.5.10-15 +- Release 1.3.5.10-15 +- Resolves: bug 1402325 - do not treat missing csn as fatal (DS 48964) +- Resolves: bug 1410080 - incompatible nsEncryptionConfig object definition prevents RHEL 7->6 schema replication (DS 49074) + +* Fri Dec 23 2016 Noriko Hosoi - 1.3.5.10-14 +- Release 1.3.5.10-14 +- Resolves: bug 1402325 - do not treat missing csn as fatal (DS 48964) + +* Mon Dec 12 2016 Noriko Hosoi - 1.3.5.10-13 +- Release 1.3.5.10-13 +- Resolves: bug 1402030 - Non tombstone entry which dn starting with "nsuniqueid=...," cannot be deleted (DS 48133) +- Resolves: bug 1402325 - do not treat missing csn as fatal (DS 49020) + * Mon Oct 31 2016 Noriko Hosoi - 1.3.5.10-12 - Release 1.3.5.10-12 - Resolves: bug 1384785 - Replica install fails with old IPA master sometimes during replication process (DS 48992)