diff --git a/.389-ds-base.metadata b/.389-ds-base.metadata
new file mode 100644
index 0000000..8648fda
--- /dev/null
+++ b/.389-ds-base.metadata
@@ -0,0 +1,2 @@
+bb047a562479b91b3a0ef66b45aaee5e43bddac9 SOURCES/389-ds-base-2.0.8.tar.bz2
+9e06b5cc57fd185379d007696da153893cf73e30 SOURCES/jemalloc-5.2.1.tar.bz2
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7738aab
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/389-ds-base-2.0.8.tar.bz2
+SOURCES/jemalloc-5.2.1.tar.bz2
diff --git a/SOURCES/0001-Issue-4884-server-crashes-when-dnaInterval-attribute.patch b/SOURCES/0001-Issue-4884-server-crashes-when-dnaInterval-attribute.patch
new file mode 100644
index 0000000..872378b
--- /dev/null
+++ b/SOURCES/0001-Issue-4884-server-crashes-when-dnaInterval-attribute.patch
@@ -0,0 +1,44 @@
+From 6e21d41f5d9f6437c00dd0150654415b172e391a Mon Sep 17 00:00:00 2001
+From: Mark Reynolds
+Date: Wed, 25 Aug 2021 16:54:57 -0400
+Subject: [PATCH 1/3] Issue 4884 - server crashes when dnaInterval attribute is
+ set to zero
+
+Bug Description:
+
+A division by zero crash occurs if the dnaInterval is set to zero
+
+Fix Description:
+
+Validate the config value of dnaInterval and adjust it to the
+default/safe value of "1" if needed.
+
+relates: https://github.com/389ds/389-ds-base/issues/4884
+
+Reviewed by: tbordaz(Thanks!)
+---
+ ldap/servers/plugins/dna/dna.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
+index 928a3f54a..c983ebdd0 100644
+--- a/ldap/servers/plugins/dna/dna.c
++++ b/ldap/servers/plugins/dna/dna.c
+@@ -1025,7 +1025,14 @@ dna_parse_config_entry(Slapi_PBlock *pb, Slapi_Entry *e, int apply)
+
+ value = slapi_entry_attr_get_charptr(e, DNA_INTERVAL);
+ if (value) {
++ errno = 0;
+ entry->interval = strtoull(value, 0, 0);
++ if (entry->interval == 0 || errno == ERANGE) {
++ slapi_log_err(SLAPI_LOG_WARNING, DNA_PLUGIN_SUBSYSTEM,
++ "dna_parse_config_entry - Invalid value for dnaInterval (%s), "
++ "Using default value of 1\n", value);
++ entry->interval = 1;
++ }
+ slapi_ch_free_string(&value);
+ }
+
+--
+2.31.1
+
diff --git a/SOURCES/0002-Issue-4894-IPA-failure-in-ipa-user-del-preserve-4907.patch b/SOURCES/0002-Issue-4894-IPA-failure-in-ipa-user-del-preserve-4907.patch
new file mode 100644
index 0000000..f274d36
--- /dev/null
+++ b/SOURCES/0002-Issue-4894-IPA-failure-in-ipa-user-del-preserve-4907.patch
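Review bot: The new guard in dna_parse_config_entry still lets malformed values through, because `strtoull(value, 0, 0)` is called without an end pointer: a value such as "5abc" is taken as 5, and a negative string such as "-1" wraps to a very large unsigned number without setting ERANGE, so neither reaches the warning branch. Since the original failure was a server crash driven by this configuration attribute, I would parse with `char *endp = NULL; entry->interval = strtoull(value, &endp, 0);` and widen the test to `if (entry->interval == 0 || errno == ERANGE || endp == value || *endp != '\0' || value[0] == '-') {`. Base 0 also means a leading "0" or "0x" is read as octal or hex, which deserves a one-line comment. The function continues outside the hunk, so whether an upper bound on the interval is enforced elsewhere is not visible here.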
@@ -0,0 +1,296 @@
+From faab51b0d14bdf7af013abdd7937f47cc0eb5cdc Mon Sep 17 00:00:00 2001
+From: Simon Pichugin
+Date: Fri, 10 Sep 2021 14:17:41 -0700
+Subject: [PATCH] Issue 4894 - IPA failure in ipa user-del --preserve (#4907)
+
+Bug Description: Starting with 389-ds 2.0.8 on rawhide,
+any call to ipa user-del --preserve fails with
+This entry already exists.
+
+Fix Description: We should split 'dn' parameter in searchAllSubtrees
+into parent and target. As one of them is used for excluding the
+subtree checks and another one for searching.
+Improve 'superior' processing when we don't change the parent.
+Rename variables in a more sane way.
+
+Fixes: https://github.com/389ds/389-ds-base/issues/4894
+
+Reviewed by: @Firstyear, @tbordaz, @progier389 (Thanks!)
+---
+ ldap/servers/plugins/uiduniq/uid.c | 78 +++++++++++++++---------------
+ 1 file changed, 39 insertions(+), 39 deletions(-)
+
+diff --git a/ldap/servers/plugins/uiduniq/uid.c b/ldap/servers/plugins/uiduniq/uid.c
+index 9924623a7..5b763b551 100644
+--- a/ldap/servers/plugins/uiduniq/uid.c
++++ b/ldap/servers/plugins/uiduniq/uid.c
+@@ -770,13 +770,13 @@ search_one_berval(Slapi_DN *baseDN, const char **attrNames, const struct berval
+ *
+ * Return:
+ * LDAP_SUCCESS - no matches, or the attribute matches the
+- * target dn.
++ * source (target) dn.
+ * LDAP_CONSTRAINT_VIOLATION - an entry was found that already
+ * contains the attribute value.
+ * LDAP_OPERATIONS_ERROR - a server failure.
+ */
+static int
+-searchAllSubtrees(Slapi_DN **subtrees, Slapi_DN **exclude_subtrees, const char **attrNames, Slapi_Attr *attr, struct berval **values, const char *requiredObjectClass, Slapi_DN *dn, PRBool unique_in_all_subtrees)
++searchAllSubtrees(Slapi_DN **subtrees, Slapi_DN **exclude_subtrees, const char **attrNames, Slapi_Attr *attr, struct berval **values, const char *requiredObjectClass, Slapi_DN *destinationSDN, Slapi_DN *sourceSDN, PRBool unique_in_all_subtrees)
+{
+ int result = LDAP_SUCCESS;
+ int i;
+@@ -788,12 +788,12 @@ searchAllSubtrees(Slapi_DN **subtrees, Slapi_DN **exclude_subtrees, const char *
+ * are unique in all the monitored subtrees
+ */
+
+- /* First check the target entry is in one of
++ /* First check the destination entry is in one of
+ * the monitored subtree, so adding 'values' would
+ * violate constraint
+ */
+ for (i = 0; subtrees && subtrees[i]; i++) {
+- if (slapi_sdn_issuffix(dn, subtrees[i])) {
++ if (slapi_sdn_issuffix(destinationSDN, subtrees[i])) {
+ in_a_subtree = PR_TRUE;
+ break;
+ }
+@@ -808,7 +808,7 @@ searchAllSubtrees(Slapi_DN **subtrees, Slapi_DN **exclude_subtrees, const char *
+ if (exclude_subtrees != NULL) {
+ PRBool in_a_subtree = PR_FALSE;
+ for (i = 0; exclude_subtrees && exclude_subtrees[i]; i++) {
+- if (slapi_sdn_issuffix(dn, exclude_subtrees[i])) {
++ if (slapi_sdn_issuffix(destinationSDN, exclude_subtrees[i])) {
+ in_a_subtree = PR_TRUE;
+ break;
+ }
+@@ -820,7 +820,7 @@ searchAllSubtrees(Slapi_DN **subtrees, Slapi_DN **exclude_subtrees, const char *
+
+ /*
+ * For each DN in the managed list, do uniqueness checking if
+- * the target DN is a subnode in the tree.
++ * the destination (target) DN is a subnode in the tree.
+ */
+ for (i = 0; subtrees && subtrees[i]; i++) {
+ Slapi_DN *sufdn = subtrees[i];
+@@ -828,8 +828,8 @@ searchAllSubtrees(Slapi_DN **subtrees, Slapi_DN **exclude_subtrees, const char *
+ * The DN should already be normalized, so we don't have to
+ * worry about that here.
+ */
+- if (unique_in_all_subtrees || slapi_sdn_issuffix(dn, sufdn)) {
+- result = search(sufdn, attrNames, attr, values, requiredObjectClass, dn, exclude_subtrees);
++ if (unique_in_all_subtrees || slapi_sdn_issuffix(destinationSDN, sufdn)) {
++ result = search(sufdn, attrNames, attr, values, requiredObjectClass, sourceSDN, exclude_subtrees);
+ if (result)
+ break;
+ }
+@@ -903,20 +903,20 @@ getArguments(Slapi_PBlock *pb, char **attrName, char **markerObjectClass, char *
+ *
+ * Return:
+ * LDAP_SUCCESS - no matches, or the attribute matches the
+- * target dn.
++ * source (target) dn.
+ * LDAP_CONSTRAINT_VIOLATION - an entry was found that already
+ * contains the attribute value.
+ * LDAP_OPERATIONS_ERROR - a server failure.
+ */
+static int
+-findSubtreeAndSearch(Slapi_DN *parentDN, const char **attrNames, Slapi_Attr *attr, struct berval **values, const char *requiredObjectClass, Slapi_DN *target, const char *markerObjectClass, Slapi_DN **excludes)
++findSubtreeAndSearch(Slapi_DN *destinationSDN, const char **attrNames, Slapi_Attr *attr, struct berval **values, const char *requiredObjectClass, Slapi_DN *sourceSDN, const char *markerObjectClass, Slapi_DN **excludes)
+{
+ int result = LDAP_SUCCESS;
+ Slapi_PBlock *spb = NULL;
+ Slapi_DN *curpar = slapi_sdn_new();
+ Slapi_DN *newpar = NULL;
+
+- slapi_sdn_get_parent(parentDN, curpar);
++ slapi_sdn_get_parent(destinationSDN, curpar);
+ while (slapi_sdn_get_dn(curpar) != NULL) {
+ if ((spb = dnHasObjectClass(curpar, markerObjectClass))) {
+ freePblock(spb);
+@@ -925,7 +925,7 @@ findSubtreeAndSearch(Slapi_DN *parentDN, const char **attrNames, Slapi_Attr *att
+ * to have the attribute already.
+ */
+ result = search(curpar, attrNames, attr, values, requiredObjectClass,
+- target, excludes);
++ sourceSDN, excludes);
+ break;
+ }
+ newpar = slapi_sdn_new();
+@@ -964,7 +964,7 @@ preop_add(Slapi_PBlock *pb)
+ int err;
+ char *markerObjectClass = NULL;
+ char *requiredObjectClass = NULL;
+- Slapi_DN *sdn = NULL;
++ Slapi_DN *targetSDN = NULL;
+ int isupdatedn;
+ Slapi_Entry *e;
+ Slapi_Attr *attr;
+@@ -998,16 +998,16 @@ preop_add(Slapi_PBlock *pb)
+ attr_friendly = config->attr_friendly;
+
+ /*
+- * Get the target DN for this add operation
++ * Get the target SDN for this add operation
+ */
+- err = slapi_pblock_get(pb, SLAPI_ADD_TARGET_SDN, &sdn);
++ err = slapi_pblock_get(pb, SLAPI_ADD_TARGET_SDN, &targetSDN);
+ if (err) {
+ result = uid_op_error(51);
+ break;
+ }
+
+ #ifdef DEBUG
+- slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "preop_add - ADD target=%s\n", slapi_sdn_get_dn(sdn));
++ slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "preop_add - ADD target=%s\n", slapi_sdn_get_dn(targetSDN));
+ #endif
+
+ /*
+@@ -1040,13 +1040,13 @@ preop_add(Slapi_PBlock *pb)
+ */
+ if (NULL != markerObjectClass) {
+ /* Subtree defined by location of marker object class */
+- result = findSubtreeAndSearch(sdn, attrNames, attr, NULL,
+- requiredObjectClass, sdn,
++ result = findSubtreeAndSearch(targetSDN, attrNames, attr, NULL,
++ requiredObjectClass, targetSDN,
+ markerObjectClass, config->exclude_subtrees);
+ } else {
+ /* Subtrees listed on invocation line */
+ result = searchAllSubtrees(config->subtrees, config->exclude_subtrees, attrNames, attr, NULL,
+- requiredObjectClass, sdn, config->unique_in_all_subtrees);
++ requiredObjectClass, targetSDN, targetSDN, config->unique_in_all_subtrees);
+ }
+ if (result != LDAP_SUCCESS) {
+ break;
+@@ -1120,7 +1120,7 @@ preop_modify(Slapi_PBlock *pb)
+ int modcount = 0;
+ int ii;
+ LDAPMod *mod;
+- Slapi_DN *sdn = NULL;
++ Slapi_DN *targetSDN = NULL;
+ int isupdatedn;
+ int i = 0;
+
+@@ -1186,8 +1186,8 @@ preop_modify(Slapi_PBlock *pb)
+ break; /* no mods to check, we are done */
+ }
+
+- /* Get the target DN */
+- err = slapi_pblock_get(pb, SLAPI_MODIFY_TARGET_SDN, &sdn);
++ /* Get the target SDN */
++ err = slapi_pblock_get(pb, SLAPI_MODIFY_TARGET_SDN, &targetSDN);
+ if (err) {
+ result = uid_op_error(11);
+ break;
+@@ -1197,7 +1197,7 @@ preop_modify(Slapi_PBlock *pb)
+ * Check if it has the required object class
+ */
+ if (requiredObjectClass &&
+- !(spb = dnHasObjectClass(sdn, requiredObjectClass))) {
++ !(spb = dnHasObjectClass(targetSDN, requiredObjectClass))) {
+ break;
+ }
+
+@@ -1213,13 +1213,13 @@ preop_modify(Slapi_PBlock *pb)
+ mod = checkmods[ii];
+ if (NULL != markerObjectClass) {
+ /* Subtree defined by location of marker object class */
+- result = findSubtreeAndSearch(sdn, attrNames, NULL,
++ result = findSubtreeAndSearch(targetSDN, attrNames, NULL,
+ mod->mod_bvalues, requiredObjectClass,
+- sdn, markerObjectClass, config->exclude_subtrees);
++ targetSDN, markerObjectClass, config->exclude_subtrees);
+ } else {
+ /* Subtrees listed on invocation line */
+ result = searchAllSubtrees(config->subtrees, config->exclude_subtrees, attrNames, NULL,
+- mod->mod_bvalues, requiredObjectClass, sdn, config->unique_in_all_subtrees);
++ mod->mod_bvalues, requiredObjectClass, targetSDN, targetSDN, config->unique_in_all_subtrees);
+ }
+ }
+ END
+@@ -1271,8 +1271,8 @@ preop_modrdn(Slapi_PBlock *pb)
+ int err;
+ char *markerObjectClass = NULL;
+ char *requiredObjectClass = NULL;
+- Slapi_DN *sdn = NULL;
+- Slapi_DN *superior;
++ Slapi_DN *sourceSDN = NULL;
++ Slapi_DN *destinationSDN;
+ char *rdn;
+ int deloldrdn = 0;
+ int isupdatedn;
+@@ -1311,14 +1311,14 @@ preop_modrdn(Slapi_PBlock *pb)
+ }
+
+ /* Get the DN of the entry being renamed */
+- err = slapi_pblock_get(pb, SLAPI_MODRDN_TARGET_SDN, &sdn);
++ err = slapi_pblock_get(pb, SLAPI_MODRDN_TARGET_SDN, &sourceSDN);
+ if (err) {
+ result = uid_op_error(31);
+ break;
+ }
+
+ /* Get superior value - unimplemented in 3.0/4.0/5.0 DS */
+- err = slapi_pblock_get(pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &superior);
++ err = slapi_pblock_get(pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &destinationSDN);
+ if (err) {
+ result = uid_op_error(32);
+ break;
+@@ -1326,11 +1326,11 @@ preop_modrdn(Slapi_PBlock *pb)
+
+ /*
+ * No superior means the entry is just renamed at
+- * its current level in the tree. Use the target DN for
++ * its current level in the tree. Use the source SDN for
+ * determining which managed tree this belongs to
+ */
+- if (!superior)
+- superior = sdn;
++ if (!destinationSDN)
++ slapi_sdn_get_parent(sourceSDN, destinationSDN);
+
+ /* Get the new RDN - this has the attribute values */
+ err = slapi_pblock_get(pb, SLAPI_MODRDN_NEWRDN, &rdn);
+@@ -1352,10 +1352,10 @@ preop_modrdn(Slapi_PBlock *pb)
+
+ /* Get the entry that is being renamed so we can make a dummy copy
+ * of what it will look like after the rename. */
+- err = slapi_search_get_entry(&entry_pb, sdn, NULL, &e, plugin_identity);
++ err = slapi_search_get_entry(&entry_pb, sourceSDN, NULL, &e, plugin_identity);
+ if (err != LDAP_SUCCESS) {
+ result = uid_op_error(35);
+- /* We want to return a no such object error if the target doesn't exist. */
++ /* We want to return a no such object error if the source SDN doesn't exist. */
+ if (err == LDAP_NO_SUCH_OBJECT) {
+ result = err;
+ }
+@@ -1364,7 +1364,7 @@ preop_modrdn(Slapi_PBlock *pb)
+
+ /* Apply the rename operation to the dummy entry.
+ */
+ /* slapi_entry_rename does not expect rdn normalized */
+- err = slapi_entry_rename(e, rdn, deloldrdn, superior);
++ err = slapi_entry_rename(e, rdn, deloldrdn, destinationSDN);
+ if (err != LDAP_SUCCESS) {
+ result = uid_op_error(36);
+ break;
+@@ -1392,13 +1392,13 @@ preop_modrdn(Slapi_PBlock *pb)
+ */
+ if (NULL != markerObjectClass) {
+ /* Subtree defined by location of marker object class */
+- result = findSubtreeAndSearch(slapi_entry_get_sdn(e), attrNames, attr, NULL,
+- requiredObjectClass, superior,
++ result = findSubtreeAndSearch(destinationSDN, attrNames, attr, NULL,
++ requiredObjectClass, sourceSDN,
+ markerObjectClass, config->exclude_subtrees);
+ } else {
+ /* Subtrees listed on invocation line */
+ result = searchAllSubtrees(config->subtrees, config->exclude_subtrees, attrNames, attr, NULL,
+- requiredObjectClass, superior, config->unique_in_all_subtrees);
++ requiredObjectClass, destinationSDN, sourceSDN, config->unique_in_all_subtrees);
+ }
+ if (result != LDAP_SUCCESS) {
+ break;
+--
+2.31.1
+
diff --git a/SOURCES/0003-Issue-4169-backport-lib389-cert-list-fix.patch b/SOURCES/0003-Issue-4169-backport-lib389-cert-list-fix.patch
new file mode 100644
index 0000000..1d851a6
--- /dev/null
+++ b/SOURCES/0003-Issue-4169-backport-lib389-cert-list-fix.patch
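Review bot: In preop_modrdn the new fallback `if (!destinationSDN) slapi_sdn_get_parent(sourceSDN, destinationSDN);` hands a pointer that is known to be NULL to slapi_sdn_get_parent as its output argument, and since the pointer is passed by value destinationSDN is still NULL after the call. For a rename without a new superior that NULL is then what searchAllSubtrees tests with slapi_sdn_issuffix and what findSubtreeAndSearch passes to its own `slapi_sdn_get_parent(destinationSDN, curpar)`; whether those helpers tolerate NULL is not visible here, so the outcome ranges from the uniqueness check silently not applying to a server crash on a client-issued MODRDN. I would allocate the parent first, `destinationSDN = slapi_sdn_new(); slapi_sdn_get_parent(sourceSDN, destinationSDN);`, and release it with `slapi_sdn_free()` on exit when it was allocated locally. Separately, the marker-objectclass branch used to pass `slapi_entry_get_sdn(e)` and now passes the parent DN, so findSubtreeAndSearch, which begins at the parent of its first argument, appears to start one level higher than it does for add and modify; please confirm that is intended.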
@@ -0,0 +1,40 @@
+From 91b90f583bf4046325438954523c78ea4f33d607 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds
+Date: Fri, 10 Sep 2021 09:39:57 -0400
+Subject: [PATCH] Issue 4169 - backport lib389 cert list fix
+
+Description: We didn't call ensure_str() on the output from certutil
+commands
+
+relates: https://github.com/389ds/389-ds-base/issues/4169
+
+Reviewed by: mreynolds(one line commit rule)
+---
+ src/lib389/lib389/nss_ssl.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib389/lib389/nss_ssl.py b/src/lib389/lib389/nss_ssl.py
+index 1cd2768f1..6dc0c26d3 100644
+--- a/src/lib389/lib389/nss_ssl.py
++++ b/src/lib389/lib389/nss_ssl.py
+@@ -325,7 +325,7 @@ only.
+ ]
+ self.log.debug("nss cmd: %s", format_cmd_list(cmd))
+ try:
+- certdetails = check_output(cmd, stderr=subprocess.STDOUT, encoding='utf-8')
++ certdetails = ensure_str(check_output(cmd, stderr=subprocess.STDOUT, encoding='utf-8'))
+ except subprocess.CalledProcessError as e:
+ raise ValueError(e.output.decode('utf-8').rstrip())
+ end_date_str = certdetails.split("Not After : ")[1].split("\n")[0]
+@@ -905,7 +905,7 @@ only.
+ except subprocess.CalledProcessError as e:
+ raise ValueError(e.output.decode('utf-8').rstrip())
+
+- return result
++ return ensure_str(result)
+
+
+ def get_cert_details(self, nickname):
+--
+2.31.1
+
diff --git a/SOURCES/389-ds-base-devel.README b/SOURCES/389-ds-base-devel.README
new file mode 100644
index 0000000..190c874
--- /dev/null
+++ b/SOURCES/389-ds-base-devel.README
@@ -0,0 +1,4 @@
+For detailed information on developing plugins for
+389 Directory Server visit.
+
+http://port389/wiki/Plugins
diff --git a/SOURCES/389-ds-base-git.sh b/SOURCES/389-ds-base-git.sh
new file mode 100644
index 0000000..0043901
--- /dev/null
+++ b/SOURCES/389-ds-base-git.sh
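Review bot: The error handler next to the changed line in the first nss_ssl.py hunk still calls `e.output.decode('utf-8')`, but `check_output` is invoked there with `encoding='utf-8'`, so `CalledProcessError.output` is already a `str` and the `.decode` raises AttributeError instead of surfacing certutil's message. For the same reason the added `ensure_str(...)` wrapper around that call looks redundant. I would change the handler to `raise ValueError(ensure_str(e.output).rstrip())`, assuming ensure_str passes a `str` through unchanged as its use here implies. The second hunk's handler has the same `.decode` call, but the command invocation that produces `result` is outside the hunk, so it needs the same check.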
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+DATE=`date +%Y%m%d`
+# use a real tag name here
+VERSION=1.3.5.14
+PKGNAME=389-ds-base
+TAG=${TAG:-$PKGNAME-$VERSION}
+URL="https://git.fedorahosted.org/git/?p=389/ds.git;a=snapshot;h=$TAG;sf=tgz"
+SRCNAME=$PKGNAME-$VERSION
+
+wget -O $SRCNAME.tar.gz "$URL"
+
+echo convert tgz format to tar.bz2 format
+
+gunzip $PKGNAME-$VERSION.tar.gz
+bzip2 $PKGNAME-$VERSION.tar
diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec
new file mode 100644
index 0000000..4e55987
--- /dev/null
+++ b/SPECS/389-ds-base.spec
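Review bot: Nothing in 389-ds-base-git.sh stops after a failed download: if `wget` fails or saves an error page, `gunzip` and `bzip2` still run on whatever was written, and the snapshot is repacked without being compared to any published digest or signed tag. Add `set -euo pipefail` after the shebang, quote the expansions (`wget -O "$SRCNAME.tar.gz" "$URL"`), and verify the download before converting it. `VERSION=1.3.5.14` also does not match the 2.0.8 tarball this commit records, and `DATE` is assigned but never used.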
@@ -0,0 +1,987 @@ + +%global pkgname dirsrv +%global srcname 389-ds-base + +# Exclude i686 bit arches +ExcludeArch: i686 + +# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6. +%global use_Socket6 0 + +%global use_asan 0 +%global use_rust 1 +%global bundle_jemalloc 1 +%if %{use_asan} +%global bundle_jemalloc 0 +%endif + +%if %{bundle_jemalloc} +%global jemalloc_name jemalloc +%global jemalloc_ver 5.2.1 +%global __provides_exclude ^libjemalloc\\.so.*$ +%endif + +# Use Clang instead of GCC +%global use_clang 0 + +# Build cockpit plugin +%global use_cockpit 0 + +# fedora 15 and later uses tmpfiles.d +# otherwise, comment this out +%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d} + +# systemd support +%global groupname %{pkgname}.target + +# set PIE flag +%global _hardened_build 1 + +# Filter argparse-manpage from autogenerated package Requires +%global __requires_exclude ^python.*argparse-manpage + +# Force to require nss version greater or equal as the version available at the build time +# See bz1986327 +%define dirsrv_requires_ge() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") + +Summary: 389 Directory Server (base) +Name: 389-ds-base +Version: 2.0.8 +Release: 6%{?dist} +License: GPLv3+ and ASL 2.0 and MPLv2.0 and Boost +URL: https://www.port389.org +Conflicts: selinux-policy-base < 3.9.8 +Conflicts: freeipa-server < 4.0.3 +Obsoletes: %{name} <= 1.4.0.9 +Obsoletes: %{name}-legacy-tools < 1.4.4.6 +Obsoletes: %{name}-legacy-tools-debuginfo < 1.4.4.6 +Provides: ldif2ldbm >= 0 + +##### Bundled cargo crates list - START ##### +Provides: bundled(crate(ahash)) = 0.7.2 +Provides: bundled(crate(ansi_term)) = 0.11.0 +Provides: bundled(crate(atty)) = 0.2.14 +Provides: bundled(crate(autocfg)) = 1.0.1 +Provides: bundled(crate(base64)) = 0.13.0 +Provides: bundled(crate(bitflags)) = 1.2.1 +Provides: bundled(crate(byteorder)) = 1.4.3 
+Provides: bundled(crate(cbindgen)) = 0.9.1 +Provides: bundled(crate(cc)) = 1.0.67 +Provides: bundled(crate(cfg-if)) = 1.0.0 +Provides: bundled(crate(clap)) = 2.33.3 +Provides: bundled(crate(concread)) = 0.2.9 +Provides: bundled(crate(crossbeam)) = 0.8.0 +Provides: bundled(crate(crossbeam-channel)) = 0.5.1 +Provides: bundled(crate(crossbeam-deque)) = 0.8.0 +Provides: bundled(crate(crossbeam-epoch)) = 0.9.3 +Provides: bundled(crate(crossbeam-queue)) = 0.3.1 +Provides: bundled(crate(crossbeam-utils)) = 0.8.3 +Provides: bundled(crate(entryuuid)) = 0.1.0 +Provides: bundled(crate(entryuuid_syntax)) = 0.1.0 +Provides: bundled(crate(fernet)) = 0.1.4 +Provides: bundled(crate(foreign-types)) = 0.3.2 +Provides: bundled(crate(foreign-types-shared)) = 0.1.1 +Provides: bundled(crate(getrandom)) = 0.2.2 +Provides: bundled(crate(hermit-abi)) = 0.1.18 +Provides: bundled(crate(instant)) = 0.1.9 +Provides: bundled(crate(itoa)) = 0.4.7 +Provides: bundled(crate(jobserver)) = 0.1.21 +Provides: bundled(crate(lazy_static)) = 1.4.0 +Provides: bundled(crate(libc)) = 0.2.93 +Provides: bundled(crate(librnsslapd)) = 0.1.0 +Provides: bundled(crate(librslapd)) = 0.1.0 +Provides: bundled(crate(lock_api)) = 0.4.3 +Provides: bundled(crate(log)) = 0.4.14 +Provides: bundled(crate(memoffset)) = 0.6.3 +Provides: bundled(crate(once_cell)) = 1.7.2 +Provides: bundled(crate(openssl)) = 0.10.35 +Provides: bundled(crate(openssl-sys)) = 0.9.65 +Provides: bundled(crate(parking_lot)) = 0.11.1 +Provides: bundled(crate(parking_lot_core)) = 0.8.3 +Provides: bundled(crate(paste)) = 0.1.18 +Provides: bundled(crate(paste-impl)) = 0.1.18 +Provides: bundled(crate(pkg-config)) = 0.3.19 +Provides: bundled(crate(ppv-lite86)) = 0.2.10 +Provides: bundled(crate(proc-macro-hack)) = 0.5.19 +Provides: bundled(crate(proc-macro2)) = 1.0.26 +Provides: bundled(crate(pwdchan)) = 0.1.0 +Provides: bundled(crate(quote)) = 1.0.9 +Provides: bundled(crate(rand)) = 0.8.3 +Provides: bundled(crate(rand_chacha)) = 0.3.0 +Provides: 
bundled(crate(rand_core)) = 0.6.2 +Provides: bundled(crate(rand_hc)) = 0.3.0 +Provides: bundled(crate(redox_syscall)) = 0.2.6 +Provides: bundled(crate(remove_dir_all)) = 0.5.3 +Provides: bundled(crate(ryu)) = 1.0.5 +Provides: bundled(crate(scopeguard)) = 1.1.0 +Provides: bundled(crate(serde)) = 1.0.125 +Provides: bundled(crate(serde_derive)) = 1.0.125 +Provides: bundled(crate(serde_json)) = 1.0.64 +Provides: bundled(crate(slapd)) = 0.1.0 +Provides: bundled(crate(slapi_r_plugin)) = 0.1.0 +Provides: bundled(crate(smallvec)) = 1.6.1 +Provides: bundled(crate(strsim)) = 0.8.0 +Provides: bundled(crate(syn)) = 1.0.69 +Provides: bundled(crate(synstructure)) = 0.12.4 +Provides: bundled(crate(tempfile)) = 3.2.0 +Provides: bundled(crate(textwrap)) = 0.11.0 +Provides: bundled(crate(toml)) = 0.5.8 +Provides: bundled(crate(unicode-width)) = 0.1.8 +Provides: bundled(crate(unicode-xid)) = 0.2.1 +Provides: bundled(crate(uuid)) = 0.8.2 +Provides: bundled(crate(vcpkg)) = 0.2.11 +Provides: bundled(crate(vec_map)) = 0.8.2 +Provides: bundled(crate(version_check)) = 0.9.3 +Provides: bundled(crate(wasi)) = 0.10.2+wasi_snapshot_preview1 +Provides: bundled(crate(winapi)) = 0.3.9 +Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0 +Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0 +Provides: bundled(crate(zeroize)) = 1.2.0 +Provides: bundled(crate(zeroize_derive)) = 1.0.1 +##### Bundled cargo crates list - END ##### + +BuildRequires: nspr-devel +BuildRequires: nss-devel >= 3.34 +BuildRequires: openldap-devel +BuildRequires: libdb-devel +BuildRequires: cyrus-sasl-devel +BuildRequires: icu +BuildRequires: libicu-devel +BuildRequires: pcre-devel +BuildRequires: cracklib-devel +%if %{use_clang} +BuildRequires: libatomic +BuildRequires: clang +%else +BuildRequires: gcc +BuildRequires: gcc-c++ +%endif +# The following are needed to build the snmp ldap-agent +BuildRequires: net-snmp-devel +BuildRequires: lm_sensors-devel +BuildRequires: bzip2-devel +BuildRequires: zlib-devel 
+BuildRequires: openssl-devel +# the following is for the pam passthru auth plug-in +BuildRequires: pam-devel +BuildRequires: systemd-units +BuildRequires: systemd-devel +%if %{use_asan} +BuildRequires: libasan +%endif +# If rust is enabled +%if %{use_rust} +BuildRequires: cargo +BuildRequires: rust +%endif +BuildRequires: pkgconfig +BuildRequires: pkgconfig(systemd) +BuildRequires: pkgconfig(krb5) + +# Needed to support regeneration of the autotool artifacts. +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +# For our documentation +BuildRequires: doxygen +# For tests! +BuildRequires: libcmocka-devel +BuildRequires: libevent-devel +# For lib389 and related components +BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python%{python3_pkgversion}-setuptools +BuildRequires: python%{python3_pkgversion}-ldap +BuildRequires: python%{python3_pkgversion}-six +BuildRequires: python%{python3_pkgversion}-pyasn1 +BuildRequires: python%{python3_pkgversion}-pyasn1-modules +BuildRequires: python%{python3_pkgversion}-dateutil +BuildRequires: python%{python3_pkgversion}-argcomplete +BuildRequires: python%{python3_pkgversion}-argparse-manpage +BuildRequires: python%{python3_pkgversion}-libselinux +BuildRequires: python%{python3_pkgversion}-policycoreutils + +# For cockpit +%if %{use_cockpit} +BuildRequires: rsync +%endif + +Requires: %{name}-libs = %{version}-%{release} +Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release} + +# this is needed for using semanage from our setup scripts +Requires: policycoreutils-python-utils +Requires: /usr/sbin/semanage +Requires: libsemanage-python%{python3_pkgversion} + +Requires: selinux-policy >= 3.14.1-29 + +# the following are needed for some of our scripts +Requires: openldap-clients +Requires: /usr/bin/c_rehash +Requires: python%{python3_pkgversion}-ldap + +# this is needed to setup SSL if you are not using the +# administration server package +Requires: nss-tools +Requires: nss >= 3.34 
+%dirsrv_requires_ge nss + +# these are not found by the auto-dependency method +# they are required to support the mandatory LDAP SASL mechs +Requires: cyrus-sasl-gssapi +Requires: cyrus-sasl-md5 +Requires: cyrus-sasl-plain + +# this is needed for verify-db.pl +Requires: libdb-utils + +# Needed for password dictionary checks +Requires: cracklib-dicts + +# Needed by logconv.pl +Requires: perl-DB_File +Requires: perl-Archive-Tar +Requires: perl-debugger +Requires: perl-sigtrap + +# Picks up our systemd deps. +%{?systemd_requires} + +Obsoletes: %{name} <= 1.3.5.4 + +Source0: https://releases.pagure.org/389-ds-base/%{name}-%{version}.tar.bz2 +# 389-ds-git.sh should be used to generate the source tarball from git +Source1: %{name}-git.sh +Source2: %{name}-devel.README +%if %{bundle_jemalloc} +Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2 +%endif +Patch01: 0001-Issue-4884-server-crashes-when-dnaInterval-attribute.patch +Patch02: 0002-Issue-4894-IPA-failure-in-ipa-user-del-preserve-4907.patch +Patch03: 0003-Issue-4169-backport-lib389-cert-list-fix.patch + +%description +389 Directory Server is an LDAPv3 compliant server. The base package includes +the LDAP server and command line utilities for server administration. +%if %{use_asan} +WARNING! This build is linked to Address Sanitisation libraries. This probably +isn't what you want. Please contact support immediately. +Please see http://seclists.org/oss-sec/2016/q1/363 for more information. 
+%endif + +%package libs +Summary: Core libraries for 389 Directory Server +BuildRequires: nspr-devel +BuildRequires: nss-devel >= 3.34 +BuildRequires: openldap-devel +BuildRequires: libdb-devel +BuildRequires: cyrus-sasl-devel +BuildRequires: libicu-devel +BuildRequires: pcre-devel +BuildRequires: libtalloc-devel +BuildRequires: libevent-devel +BuildRequires: libtevent-devel +Requires: krb5-libs +Requires: libevent +BuildRequires: systemd-devel +BuildRequires: make +Provides: svrcore = 4.1.4 +Conflicts: svrcore +Obsoletes: svrcore <= 4.1.3 + +%description libs +Core libraries for the 389 Directory Server base package. These libraries +are used by the main package and the -devel package. This allows the -devel +package to be installed with just the -libs package and without the main package. + +%package devel +Summary: Development libraries for 389 Directory Server +Requires: %{name}-libs = %{version}-%{release} +Requires: pkgconfig +Requires: nspr-devel +Requires: nss-devel >= 3.34 +Requires: openldap-devel +Requires: libtalloc +Requires: libevent +Requires: libtevent +Requires: systemd-libs +Provides: svrcore-devel = 4.1.4 +Conflicts: svrcore-devel +Obsoletes: svrcore-devel <= 4.1.3 + +%description devel +Development Libraries and headers for the 389 Directory Server base package. + +%package snmp +Summary: SNMP Agent for 389 Directory Server +Requires: %{name} = %{version}-%{release} + +Obsoletes: %{name} <= 1.4.0.0 + +%description snmp +SNMP Agent for the 389 Directory Server base package. 
+ +%package -n python%{python3_pkgversion}-lib389 +Summary: A library for accessing, testing, and configuring the 389 Directory Server +BuildArch: noarch +Requires: openssl +Requires: iproute +Recommends: bash-completion +Requires: python%{python3_pkgversion} +Requires: python%{python3_pkgversion}-distro +Requires: python%{python3_pkgversion}-ldap +Requires: python%{python3_pkgversion}-six +Requires: python%{python3_pkgversion}-pyasn1 +Requires: python%{python3_pkgversion}-pyasn1-modules +Requires: python%{python3_pkgversion}-dateutil +Requires: python%{python3_pkgversion}-argcomplete +Requires: python%{python3_pkgversion}-libselinux +Requires: python%{python3_pkgversion}-setuptools +%{?python_provide:%python_provide python%{python3_pkgversion}-lib389} + +%description -n python%{python3_pkgversion}-lib389 +This module contains tools and libraries for accessing, testing, + and configuring the 389 Directory Server. + +%if %{use_cockpit} +%package -n cockpit-389-ds +Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server +BuildArch: noarch +Requires: cockpit +Requires: 389-ds-base +Requires: python%{python3_pkgversion} +Requires: python%{python3_pkgversion}-lib389 + +%description -n cockpit-389-ds +A cockpit UI Plugin for configuring and administering the 389 Directory Server +%endif + +%prep + +%autosetup -p1 -v -n %{name}-%{version} +%if %{bundle_jemalloc} +%setup -q -n %{name}-%{version} -T -D -b 3 +%endif + +cp %{SOURCE2} README.devel + +# The configure macro will modify some autoconf-related files, which upsets +# cargo when it tries to verify checksums in those files. If we just truncate +# that file list, cargo won't have anything to complain about. 
+find vendor -name .cargo-checksum.json \ + -exec sed -i.uncheck -e 's/"files":{[^}]*}/"files":{ }/' '{}' '+' + +%build + +OPENLDAP_FLAG="--with-openldap" +%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} +# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529 +NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3" + +%if %{use_asan} +ASAN_FLAGS="--enable-asan --enable-debug" +%endif + +%if %{use_rust} +RUST_FLAGS="--enable-rust --enable-rust-offline" +%endif + +%if !%{use_cockpit} +COCKPIT_FLAGS="--disable-cockpit" +%endif + +%if %{use_clang} +export CC=clang +export CXX=clang++ +CLANG_FLAGS="--enable-clang" +%endif + +%if %{bundle_jemalloc} +# Override page size, bz #1545539 +# 4K +%ifarch %ix86 %arm x86_64 s390x +%define lg_page --with-lg-page=12 +%endif + +# 64K +%ifarch ppc64 ppc64le aarch64 +%define lg_page --with-lg-page=16 +%endif + +# Override huge page size on aarch64 +# 2M instead of 512M +%ifarch aarch64 +%define lg_hugepage --with-lg-hugepage=21 +%endif + +# Build jemalloc +pushd ../%{jemalloc_name}-%{jemalloc_ver} +%configure \ + --libdir=%{_libdir}/%{pkgname}/lib \ + --bindir=%{_libdir}/%{pkgname}/bin \ + --enable-prof +make %{?_smp_mflags} +popd +%endif + +# Enforce strict linking +%define _ld_strict_symbol_defs 1 + +# Rebuild the autotool artifacts now. 
+autoreconf -fiv + +%configure --enable-autobind --with-selinux $TMPFILES_FLAG \ + --with-systemd \ + --with-systemdsystemunitdir=%{_unitdir} \ + --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ + --with-systemdgroupname=%{groupname} \ + --libexecdir=%{_libexecdir}/%{pkgname} \ + $NSSARGS $ASAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \ + --enable-cmocka \ + --enable-perl + + +# lib389 +pushd ./src/lib389 +%py3_build +popd +# argparse-manpage dynamic man pages have hardcoded man v1 in header, +# need to change it to v8 +sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsconf.8 +sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsctl.8 +sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsidm.8 +sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dscreate.8 + +# Generate symbolic info for debuggers +export XCFLAGS=$RPM_OPT_FLAGS + +#make %{?_smp_mflags} +make + +%install + +mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir} +%if %{use_cockpit} +mkdir -p %{buildroot}%{_datadir}/cockpit +%endif +make DESTDIR="$RPM_BUILD_ROOT" install + +%if %{use_cockpit} +find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list +find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list +%endif + +# Copy in our docs from doxygen. 
+cp -r %{_builddir}/%{name}-%{version}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3
+
+# lib389
+pushd src/lib389
+%py3_install
+popd
+
+mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
+mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
+mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname}
+
+# for systemd
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants
+
+# remove libtool archives and static libs
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la
+rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.a
+rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.la
+
+%if %{bundle_jemalloc}
+pushd ../%{jemalloc_name}-%{jemalloc_ver}
+make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
+cp -pa COPYING ../%{name}-%{version}/COPYING.jemalloc
+cp -pa README ../%{name}-%{version}/README.jemalloc
+popd
+%endif
+
+%check
+# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build.
+if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi
+
+%post
+if [ -n "$DEBUGPOSTTRANS" ] ; then
+ output=$DEBUGPOSTTRANS
+ output2=${DEBUGPOSTTRANS}.upgrade
+else
+ output=/dev/null
+ output2=/dev/null
+fi
+# reload to pick up any changes to systemd files
+/bin/systemctl daemon-reload >$output 2>&1 || :
+
+# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
+# Soft static allocation for UID and GID
+USERNAME="dirsrv"
+ALLOCATED_UID=389
+GROUPNAME="dirsrv"
+ALLOCATED_GID=389
+HOMEDIR="/usr/share/dirsrv"
+
+getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME
+if ! getent passwd $USERNAME >/dev/null ; then
+ if !
getent passwd $ALLOCATED_UID >/dev/null ; then
+ /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
+ else
+ /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
+ fi
+fi
+
+# Reload our sysctl before we restart (if we can)
+sysctl --system &> $output; true
+
+# Gather the running instances so we can restart them
+instbase="%{_sysconfdir}/%{pkgname}"
+ninst=0
+for dir in $instbase/slapd-* ; do
+ echo dir = $dir >> $output 2>&1 || :
+ if [ ! -d "$dir" ] ; then continue ; fi
+ case "$dir" in *.removed) continue ;; esac
+ basename=`basename $dir`
+ inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
+ echo found instance $inst - getting status >> $output 2>&1 || :
+ if /bin/systemctl -q is-active $inst ; then
+ echo instance $inst is running >> $output 2>&1 || :
+ instances="$instances $inst"
+ else
+ echo instance $inst is not running >> $output 2>&1 || :
+ fi
+ ninst=`expr $ninst + 1`
+done
+if [ $ninst -eq 0 ] ; then
+ echo no instances to upgrade >> $output 2>&1 || :
+ exit 0 # have no instances to upgrade - just skip the rest
+else
+ # restart running instances
+ echo shutting down all instances . . .
>> $output 2>&1 || :
+ for inst in $instances ; do
+ echo stopping instance $inst >> $output 2>&1 || :
+ /bin/systemctl stop $inst >> $output 2>&1 || :
+ done
+ for inst in $instances ; do
+ echo starting instance $inst >> $output 2>&1 || :
+ /bin/systemctl start $inst >> $output 2>&1 || :
+ done
+fi
+
+
+%preun
+if [ $1 -eq 0 ]; then # Final removal
+ # remove instance specific service files/links
+ rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
+fi
+
+%postun
+if [ $1 = 0 ]; then # Final removal
+ rm -rf /var/run/%{pkgname}
+fi
+
+%post snmp
+%systemd_post %{pkgname}-snmp.service
+
+%preun snmp
+%systemd_preun %{pkgname}-snmp.service %{groupname}
+
+%postun snmp
+%systemd_postun_with_restart %{pkgname}-snmp.service
+
+exit 0
+
+%files
+%if %{bundle_jemalloc}
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc
+%license COPYING.jemalloc
+%else
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
+%endif
+%dir %{_sysconfdir}/%{pkgname}
+%dir %{_sysconfdir}/%{pkgname}/schema
+%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
+%dir %{_sysconfdir}/%{pkgname}/config
+%dir %{_sysconfdir}/systemd/system/%{groupname}.wants
+%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
+%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
+%{_datadir}/%{pkgname}
+%{_datadir}/gdb/auto-load/*
+%{_unitdir}
+%{_bindir}/dbscan
+%{_mandir}/man1/dbscan.1.gz
+%{_bindir}/ds-replcheck
+%{_mandir}/man1/ds-replcheck.1.gz
+%{_bindir}/ds-logpipe.py
+%{_mandir}/man1/ds-logpipe.py.1.gz
+%{_bindir}/ldclt
+%{_mandir}/man1/ldclt.1.gz
+%{_bindir}/logconv.pl
+%{_mandir}/man1/logconv.pl.1.gz
+%{_bindir}/pwdhash
+%{_mandir}/man1/pwdhash.1.gz
+#%caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd
+%{_sbindir}/ns-slapd
+%{_mandir}/man8/ns-slapd.8.gz
+%{_sbindir}/openldap_to_ds
+%{_mandir}/man8/openldap_to_ds.8.gz
+%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl
+%{_mandir}/man5/99user.ldif.5.gz
+%{_mandir}/man5/certmap.conf.5.gz
+%{_mandir}/man5/slapd-collations.conf.5.gz
+%{_mandir}/man5/dirsrv.5.gz
+%{_mandir}/man5/dirsrv.systemd.5.gz
+%{_libdir}/%{pkgname}/python
+%dir %{_libdir}/%{pkgname}/plugins
+%{_libdir}/%{pkgname}/plugins/*.so
+# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
+# sysctl.d is always in /lib.
+%{_prefix}/lib/sysctl.d/*
+%dir %{_localstatedir}/lib/%{pkgname}
+%dir %{_localstatedir}/log/%{pkgname}
+%ghost %dir %{_localstatedir}/lock/%{pkgname}
+%exclude %{_sbindir}/ldap-agent*
+%exclude %{_mandir}/man1/ldap-agent.1.gz
+%exclude %{_unitdir}/%{pkgname}-snmp.service
+%if %{bundle_jemalloc}
+%{_libdir}/%{pkgname}/lib/
+%{_libdir}/%{pkgname}/bin/
+%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config
+%exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh
+%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a
+%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so
+%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a
+%exclude %{_libdir}/%{pkgname}/lib/pkgconfig
+%endif
+
+%files devel
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
+%{_mandir}/man3/*
+%{_includedir}/svrcore.h
+%{_includedir}/%{pkgname}
+%{_libdir}/libsvrcore.so
+%{_libdir}/%{pkgname}/libslapd.so
+%{_libdir}/%{pkgname}/libns-dshttpd.so
+%{_libdir}/%{pkgname}/libldaputil.so
+%{_libdir}/pkgconfig/svrcore.pc
+%{_libdir}/pkgconfig/dirsrv.pc
+
+%files libs
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
+%dir %{_libdir}/%{pkgname}
+%{_libdir}/libsvrcore.so.*
+%{_libdir}/%{pkgname}/libslapd.so.*
+%{_libdir}/%{pkgname}/libns-dshttpd.so.*
+%{_libdir}/%{pkgname}/libldaputil.so.*
+%{_libdir}/%{pkgname}/librewriters.so*
+%if %{bundle_jemalloc}
+%{_libdir}/%{pkgname}/lib/libjemalloc.so.2
+%endif
+
+%files snmp
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
+%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
+%{_sbindir}/ldap-agent*
+%{_mandir}/man1/ldap-agent.1.gz
+%{_unitdir}/%{pkgname}-snmp.service
+
+%files -n python%{python3_pkgversion}-lib389
+%doc LICENSE
LICENSE.GPLv3+
+%{python3_sitelib}/lib389*
+%{_sbindir}/dsconf
+%{_mandir}/man8/dsconf.8.gz
+%{_sbindir}/dscreate
+%{_mandir}/man8/dscreate.8.gz
+%{_sbindir}/dsctl
+%{_mandir}/man8/dsctl.8.gz
+%{_sbindir}/dsidm
+%{_mandir}/man8/dsidm.8.gz
+%{_libexecdir}/%{pkgname}/dscontainer
+
+%if %{use_cockpit}
+%files -n cockpit-389-ds -f cockpit.list
+%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
+%doc README.md
+%endif
+
+%changelog
+* Fri Sep 17 2021 Mark Reynolds - 2.0.8-6
+- Bump version to 2.0.8-6
+- Resolves: Bug 2000420 - Not able to preserve users using "ipa user-del --preserve"
+
+* Fri Sep 17 2021 Mark Reynolds - 2.0.8-5
+- Bump version to 2.0.8-5
+- Resolves: Bug 2000420 - Not able to preserve users using "ipa user-del --preserve"
+
+* Mon Aug 30 2021 Mark Reynolds - 2.0.8-4
+- Bump version to 2.0.8-4
+- Resolves: Bug 1992609 - Fix specfile issue with applying patches
+
+* Mon Aug 30 2021 Mark Reynolds - 2.0.8-3
+- Bump version to 2.0.8-3
+- Resolves: Bug 1992609 - Fix specfile issue with applying patches
+
+* Fri Aug 27 2021 Mark Reynolds - 2.0.8-2
+- Bump version to 2.0.8-2
+- Resolves: Bug 1998464 - LDAP server crashes when dnaInterval attribute is set to 0
+
+* Mon Aug 23 2021 Mark Reynolds - 2.0.8-1
+- Bump version to 2.0.8-1
+- Resolves: Bug 1992609 - EntryUUID syntax plugin breaks replication with older versions
+
+* Thu Aug 12 2021 Viktor Ashirov - 2.0.7-3
+- Remove unused relprefix and prerel macros that break rpmdev-bumpspec logic
+ Related: rhbz#1991688
+
+* Mon Aug 09 2021 Mohan Boddu - 2.0.7-2.1
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Thu Aug 5 2021 Simon Pichugin - 2.0.7-2
+- Resolves: Bug 1988759 - 389-ds-base: Rebuild does not switch to OpenSSL 3.0 Beta ABI
+- Force to require nss version greater or equal as the version available at the build time
+
+* Fri Jul 16 2021 Mark Reynolds - 2.0.7-1
+- Bump version to 2.0.7-1
+- Resolves: Bug 1982789 - 389-ds-base: CRYPT password hash
with asterisk allows any bind attempt to succeed
+
+* Thu Jul 8 2021 Mark Reynolds - 2.0.6-3
+- Bump version to 2.0.6-3
+- Resolves: Bug 1978618 - Drop argparse-manpage runtime dependency
+
+* Mon Jun 28 2021 Simon Pichugin - 2.0.6-2
+- Roll back to openssl 0.10.33 rust crate as it's required for OpenSSL 3.0.0-alpha16
+
+* Thu Jun 24 2021 Mark Reynolds - 2.0.6-1
+- Bump version to 2.0.6
+- Resolves: Bug 1970559 - Crash in dynamic_plugins_test.py::test_acceptance
+- Resolves: Bug 1843522 - move CL followup (1) - don't use hardcoded filename
+- Resolves: Bug 1843524 - move CL followup (3) - import ldif2cl task should not close all changelogs
+- Resolves: Bug 220222 - [RFE] support for RFC 4530 entryUUID attribute
+- Resolves: Bug 1859296 - Remove DES to AES conversion code
+- Resolves: Bug 1970586 - MODRDN fails with err=32 in managed_entry_test.py::test_mentry01
+- Resolves: Bug 1970613 - dbscan crashes with SIGABRT in dirsrvtests/tests/suites/password/regression_test.py::test_unhashed_pw_switch
+- Resolves: Bug 1970620 - memberofAutoAddOC attribute can't be added to Memberof plugin when dynamic plugins are on
+- Resolves: Bug 1970586 - MODRDN fails with err=32 in managed_entry_test.py::test_mentry01
+- Resolves: Bug 1910941 - CVE-2020-35518 389-ds-base: information disclosure during the binding of a DN
+
+* Wed Jun 16 2021 Mohan Boddu - 2.0.5-1.1
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+ Related: rhbz#1971065
+
+* Sun May 30 2021 Mark Reynolds - 2.0.5-1
+- Bump version to 2.0.5
+- Issue 4778 - RFE - Allow setting TOD for db compaction and add task
+- Issue 4169 - UI - Port plugin tables to PF4
+- Issue 4656 - Allow backward compatilbity for replication plugin name change
+- Issue 4764 - replicated operation sometime checks ACI (#4783)
+- Issue 2820 - Fix CI test suite issues
+- Issue 4781 - There are some typos in man-pages
+- Issue 4773 - Enable interval feature of DNA plugin
+- Issue 4623 - RFE - Monitor the current DB locks (#4762)
+- Issue 3555 - Fix UI
audit issue
+- Issue 4725 - Fix compiler warnings
+- Issue 4770 - Lower FIPS logging severity
+- Issue 4765 - database suffix unexpectdly changed from .db to .db4 (#4766)
+- Issue 4725 - [RFE] DS - Update the password policy to support a Temporary Password Rules (#4727)
+- Issue 4747 - Remove unstable/unstatus tests from PRCI (#4748)
+- Issue 4759 - Fix coverity issue (#4760)
+- Issue 4169 - UI - Migrate Buttons to PF4 (#4745)
+- Issue 4714 - dscontainer fails with rootless podman
+- Issue 4750 - Fix compiler warning in retrocl (#4751)
+- Issue 4742 - UI - should always use LDAPI path when calling CLI
+- Issue 4169 - UI - Migrate Server, Security, and Schema tables to PF4
+- Issue 4667 - incorrect accounting of readers in vattr rwlock (#4732)
+- Issue 4701 - RFE - Exclude attributes from retro changelog (#4723)
+- Issue 4740 - Fix CI lib389 userPwdPolicy and subtreePwdPolicy (#4741)
+- Issue 4711 - SECURITY FIX - SIGSEV with sync_repl (#4738)
+- Issue 4734 - import of entry with no parent warning (#4735)
+- Issue 4729 - GitHub Actions fails to run pytest tests
+- Issue 4656 - Remove problematic language from source code
+- Issue 4632 - dscontainer: SyntaxWarning: "is" with a literal.
+- Issue 4169 - UI - migrate replication tables to PF4
+- Issue 4637 - ndn cache leak (#4724)
+- Issue 4577 - Fix ASAN flags in specfile
+- Issue 4169 - UI - PF4 migration - database tables
+- issue 4653 - refactor ldbm backend to allow replacement of BDB - phase 3e - dbscan (#4709)
+
+* Mon May 24 2021 Simon Pichugin - 2.0.3-4
+- Initial support for OpenSSL 3.0.0-alpha16
+
+* Thu Apr 15 2021 Mohan Boddu - 2.0.3-3.1
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021.
Related: rhbz#1947937
+
+* Fri Feb 26 2021 Alexander Bokovoy - 2.0.3-3
+- Remove a revert of the fix for Issue 4609 - CVE - info disclosure when authenticating(breaks Dogtag)
+- Dogtag has fixed own code that failed in the presence of the fix for Issue 4609
+
+* Fri Feb 19 2021 Mark Reynolds - 2.0.3-2
+- Bump version to 2.0.3-2
+- Revert Issue 4609 - CVE - info disclosure when authenticating(breaks DogTag)
+
+* Fri Feb 12 2021 Mark Reynolds - 2.0.3-1
+- Bump version to 2.0.3
+- Issue 4619 - remove pytest requirement from lib389
+- Issue 4615 - log message when psearch first exceeds max threads per conn
+- Issue 4469 - Backend redesing phase 3a - implement dbimpl API and use it in back-ldbm (#4618)
+- Issue 4324 - Some architectures the cache line size file does not exist
+- Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614)
+- Issue 4469 - Backend redesign phase 3a - bdb dependency removal from back-ldbm
+- PR 4564 - Update dscontainer
+- Issue 4149 - UI - port TreeView and opther components to PF4
+- Issue 4577 - Add GitHub actions
+- Issue 4591 - RFE - improve openldap_to_ds help and features (#4607)
+- issue 4612 - Fix pytest fourwaymmr_test for non root user (#4613)
+- Issue 4609 - CVE - info disclosure when authenticating
+- Issue 4348 - Add tests for dsidm
+- Issue 4571 - Stale libdb-utils dependency
+- Issue 4600 - performance modify rate: reduce lock contention on the object extension factory (#4601)
+- Issue 4577 - Add GitHub actions
+- Issue 4588 - BUG - unable to compile without xcrypt (#4589)
+- Issue 4579 - libasan detects heap-use-after-free in URP test (#4584)
+- Issue 4581 - A failed re-indexing leaves the database in broken state (#4582)
+- Issue 4348 - Add tests for dsidm
+- Issue 4577 - Add GitHub actions
+- Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)
+- Issue 4093 - fix compiler warnings and update doxygen
+- Issue 4575 - Update test docstrings metadata
+- Issue 4526 -
sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553)
+- Issue 4324 - Performance search rate: change entry cache monitor to recursive pthread mutex (#4569)
+- Issue 4513 - Add DS version check to SSL version test (#4570)
+- Issue 5442 - Search results are different between RHDS10 and RHDS11
+- Issue 4396 - Minor memory leak in backend (#4558)
+- Issue 4513 - Fix replication CI test failures (#4557)
+- Issue 4513 - Fix replication CI test failures (#4557)
+- Issue 4153 - Added a CI test (#4556)
+- Issue 4506 - BUG - fix oob alloc for fds (#4555)
+- Issue 4548 - CLI - dsconf needs better root DN access control plugin validation
+- Issue 4506 - Temporary fix for io issues (#4516)
+- Issue 4535 - lib389 - Fix log function in backends.py
+- Issue 4534 - libasan read buffer overflow in filtercmp (#4541)
+- Issue 4544 - Compiler warnings on krb5 functions (#4545)
+- Update rpm.mk for RUST tarballs
+
+* Mon Jan 25 2021 Fedora Release Engineering - 2.0.2-1.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Thu Jan 14 2021 Mark Reynolds - 2.0.2-1
+- Bump version to 2.0.2
+- Issue 4539 - BUG - no such file if no overlays in openldap during migration (#4540)
+- Issue 4528 - Fix cn=monitor SCOPE_ONE search (#4529)
+- Issue 4535 - lib389 - healthcheck throws exception if backend is not replicated
+- Issue 4537 - Use KRB5_CLIENT_KTNAME for client keytabs (#4523)
+- Issue 4513 - CI Tests - fix test failures
+- Issue 4504 - insure that repl_monitor_test use ldapi (for RHEL) - fix merge issue (#4533)
+- Issue 4315 - performance search rate: nagle triggers high rate of setsocketopt
+- Issue 4504 - pytest test_dsconf_replication_monitor fails on RHEL - Fix merging issue (#4530)
+- Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL) (#4527)
+- Issue 4506 - BUG - Fix bounds on fd table population (#4520)
+- Issue 4521 - DS crash in deref plugin if dereferenced entry exists but is not
returned by internal search (#4525)
+- Issue 4219 - Log internal unindexed searches (notes=A)
+- Issue 4384 - Separate eventq into REALTIME and MONOTONIC
+- Issue 4381 - RFE - LDAPI authentication DN rewritter
+- Issue 4513 - Fix schema test and lib389 task module (#4514)
+- Issue 4414 - disk monitoring - prevent division by zero crash
+- Issue 4517 - BUG: Multiple systemd pin warnings (#4518)
+- Issue 4507 - Improve csngen testing task (#4508)
+- Issue 4498 - BUG - entryuuid replication may not work (#4503)
+- Issue 4480 - Unexpected info returned to ldap request (#4491)
+- Issue 4504 - Fix pytest test_dsconf_replication_monitor (#4505)
+- Issue 4373 - BUG - one line cleanup, free results in mt if ent 0 (#4502)
+- Issue 4500 - Add cockpit enabling to dsctl
+- Issue 4272 - RFE - add support for gost-yescrypt for hashing passwords (#4497)
+- Issue 1795 - RFE - Enable logging for libldap and libber in error log (#4481)
+- Issue 3522 - Remove DES to AES conversion code
+- Issue 4492 - Changelog cache can upload updates from a wrong starting point (CSN) (#4493)
+- Issue 4373 - BUG - calloc of size 0 in MT build (#4496)
+- Issue 4483 - heap-use-after-free in slapi_be_getsuffix
+- Issue 4486 - Remove random ldif file generation from import test (#4487)
+- Issue 4224 - cleanup specfile after libsds removal
+- Issue 4421 - Unable to build with Rust enabled in closed environment
+- Issue 4489 - Remove return statement from a void function (#4490)
+- Issue 4229 - RFE - Improve rust linking and build performance (#4474)
+- Issue 4224 - openldap can become confused with entryuuid
+- Issue 4313 - improve tests and improve readme re refdel
+- Issue 4313 - fix potential syncrepl data corruption
+- Issue 4419 - Warn users of skipped entries during ldif2db online import (#4476)
+- Issue 4243 - Fix test (4th): SyncRepl plugin provides a wrong (#4475)
+- Issue 4315 - performance search rate: nagle triggers high rate of setsocketopt (#4437)
+- Issue 4460 - BUG - add machine name to
subject alt names in SSCA (#4472)
+- Issue 4446 - RFE - openldap password hashers
+- Issue 4284 - dsidm fails to delete an organizationalUnit entry
+- Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4466) (#4466)
+- Issue 4464 - RFE - clang with ds+asan+rust
+- Issue 4105 - Remove python.six (fix regression)
+- Issue 4384 - Use MONOTONIC clock for all timing events and conditions
+- Issue 4418 - ldif2db - offline. Warn the user of skipped entries
+- Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4467)
+- Issue 4460 - BUG - lib389 should use system tls policy
+- Issue 3657 - Add options to dsctl for dsrc file
+- Issue 4454 - RFE - fix version numbers to allow object caching
+- Issue 3986 - UI - Handle objectclasses that do not have X-ORIGIN set
+- Issue 4297 - 2nd fix for on ADD replication URP issue internal searches with filter containing unescaped chars (#4439)
+- Issue 4112 - Added a CI test (#4441)
+- Issue 4449 - dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) (#4451)
+- Issue 4105 - Remove python.six from lib389 (#4456)
+- Issue 4440 - BUG - ldifgen with --start-idx option fails with unsupported operand (#4444)
+- Issue 4410 - RFE - ndn cache with arc in rust
+- Issue 4373 - BUG - Mapping Tree nodes can be created that are invalid
+- Issue 4428 - BUG Paged Results with critical false causes sigsegv in chaining
+- Issue 4428 - Paged Results with Chaining Test Case
+- Issue 2054 - do not add referrals for masters with different data generation
+- Issue 4383 - Do not normalize escaped spaces in a DN
+- Issue 4432 - After a failed online import the next imports are very slow
+- Issue 4316 - performance search rate: useless poll on network send callback (#4424)
+- Issue 4281 - dsidm user status fails with Error: 'nsUserAccount' object has no attribute 'is_locked'
+- Issue 4429 - NULL dereference in revert_cache()
+- Issue 4412 - Fix CLI repl-agmt requirement for parameters (#4422)
+- Issue 4407
- RFE - remove http client and presence plugin (#4409)
+- Issue 4398 - build problems at alpine linux
+- Issue 4415 - unable to query schema if there are extra parenthesis
+
+* Thu Oct 29 2020 Mark Reynolds - 2.0.1-1
+- Bump version to 2.0.1
+- Issue 4420 - change NVR to use X.X.X instead of X.X.X.X
+- Issue 4391 - DSE config modify does not call be_postop (#4394)
+- Issue 4218 - Verify the new wtime and optime access log keywords (#4397)
+- Issue 4176 - CL trimming causes high CPU
+- Issue 2058 - Add keep alive entry after on-line initialization - second version (#4399)
+- Issue 4403 - RFE - OpenLDAP pw hash migration tests (#4408)
+
+* Wed Oct 28 2020 Mark Reynolds - 1.4.5.0-1
+- Bump version to 1.4.5.0
+- Issue 4262 - more perl removal cleanup
+- Issue 2526 - retrocl backend created out of order
+
+* Mon Oct 26 2020 Mark Reynolds - 1.4.4.6-1
+- Bump version to 1.4.4.6
+- Issue 4262 - Remove legacy tools subpackage (final cleanup)
+- Issue 4262 - Remove legacy tools subpackage (restart instances after rpm install)
+- Issue 4262 - Remove legacy tools subpackage
+- Issue 2526 - revert API change in slapi_be_getsuffix()
+- Issue 4363 - Sync repl: per thread structure was incorrectly initialized (#4395)
+- Issue 4392 - Update create_test.py
+- Issue 2820 - Fix CI tests (#4365)
+- Issue 2526 - suffix management in backends incorrect
+- Issue 4389 - errors log with incorrectly formatted message parent_update_on_childchange
+- Issue 4295 - Fix a closing quote issue (#4386)
+- Issue 1199 - Misleading message in access log for idle timeout (#4385)
+- Issue 3600 - RFE - openldap migration tooling (#4318)
+- Issue 4176 - import ldif2cl task should not close all changelogs
+- Issue 4159 - Healthcheck code DSBLE0002 not returned on disabled suffix
+- Issue 4379 - allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service (#4380)
+- Issue 4329 - Sync repl - if a serie of updates target the same entry then the cookie get wrong
changenumber (#4356)
+- Issue 3555 - Fix npm audit issues (#4370)
+- Issue 4372 - BUG - Chaining DB did not validate bind mech parameters (#4374)
+- Issue 4334 - RFE - Task timeout may cause larger dataset imports to fail (#4359)
+- Issue 4361 - RFE - add - dscreate --advanced flag to avoid user confusion
+- Issue 4368 - ds-replcheck crashes when processing glue entries
+- Issue 4366 - lib389 - Fix account status inactivity checks
+- Issue 4265 - UI - Make the secondary plugins read-only (#4364)
+- Issue 4360 - password policy max sequence sets is not working as expected
+- Issue 4348 - Add tests for dsidm
+- Issue 4350 - One line, fix invalid type error in tls_cacertdir check (#4358)
+