diff --git a/SOURCES/0010-Ticket-49968-Confusing-CRITICAL-message-list_candida.patch b/SOURCES/0010-Ticket-49968-Confusing-CRITICAL-message-list_candida.patch
new file mode 100644
index 0000000..1ad23eb
--- /dev/null
+++ b/SOURCES/0010-Ticket-49968-Confusing-CRITICAL-message-list_candida.patch
@@ -0,0 +1,266 @@
+From 3796e26e93991ded631ac57053049e9aad44c53b Mon Sep 17 00:00:00 2001
+From: Thierry Bordaz <tbordaz@redhat.com>
+Date: Wed, 10 Oct 2018 15:35:12 +0200
+Subject: [PATCH] Ticket 49968 - Confusing CRITICAL message: list_candidates -
+ NULL idl was recieved from filter_candidates_ext
+
+Bug Description:
+ When a filter component is indexed but returns an empty IDL
+ an alarming message is logged although it is normal.
+
+Fix Description:
+ Remove the alarming message
+
+https://pagure.io/389-ds-base/issue/49968
+
+Reviewed by: Mark Reynolds
+
+Platforms tested: F27 + testcase
+
+Flag Day: no
+
+Doc impact: no
+---
+ dirsrvtests/tests/suites/basic/basic_test.py | 202 +++++++++++++++++++
+ ldap/servers/slapd/back-ldbm/filterindex.c | 10 +-
+ 2 files changed, 204 insertions(+), 8 deletions(-)
+
+diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py
+index 45988dc7a..dc366cd67 100644
+--- a/dirsrvtests/tests/suites/basic/basic_test.py
++++ b/dirsrvtests/tests/suites/basic/basic_test.py
+@@ -868,6 +868,208 @@ adds nsslapd-return-default-opattr attr with value of one operation attribute.
+ log.fatal('Search failed, error: ' + e.message['desc'])
+ assert False
+
++
++@pytest.fixture(scope="module")
++def create_users(topology_st):
++ """Add users to the default suffix
++ """
++
++ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
++ user_names = ["Directory", "Server", "389", "lib389", "pytest"]
++
++ log.info('Adding 5 test users')
++ for name in user_names:
++ user = users.create(properties={
++ 'uid': name,
++ 'sn': name,
++ 'cn': name,
++ 'uidNumber': '1000',
++ 'gidNumber': '1000',
++ 'homeDirectory': '/home/%s' % name,
++ 'mail': '%s@example.com' % name,
++ 'userpassword': 'pass%s' % name,
++ })
++
++
++def test_basic_anonymous_search(topology_st, create_users):
++ """Tests basic anonymous search operations
++
++ :id: c7831e04-f458-4e50-83c7-b6f77109f639
++ :setup: Standalone instance
++ Add 5 test users with different user names
++ :steps:
++ 1. Execute anonymous search with different filters
++ :expectedresults:
++ 1. Search should be successful
++ """
++
++ filters = ["uid=Directory", "(|(uid=S*)(uid=3*))", "(&(uid=l*)(mail=l*))", "(&(!(uid=D*))(ou=People))"]
++ log.info("Execute anonymous search with different filters")
++ for filtr in filters:
++ entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, filtr)
++ assert len(entries) != 0
++
++
++@pytest.mark.ds604
++@pytest.mark.bz915801
++def test_search_original_type(topology_st, create_users):
++ """Test ldapsearch returning original attributes
++ using nsslapd-search-return-original-type-switch
++
++ :id: d7831d04-f558-4e50-93c7-b6f77109f640
++ :setup: Standalone instance
++ Add some test entries
++ :steps:
++ 1. Set nsslapd-search-return-original-type-switch to ON
++ 2. Check that ldapsearch *does* return unknown attributes
++ 3. Turn off nsslapd-search-return-original-type-switch
++ 4. Check that ldapsearch doesn't return any unknown attributes
++ :expectedresults:
++ 1. nsslapd-search-return-original-type-switch should be set to ON
++ 2. ldapsearch should return unknown attributes
++ 3. nsslapd-search-return-original-type-switch should be OFF
++ 4. ldapsearch should not return any unknown attributes
++ """
++
++ log.info("Set nsslapd-search-return-original-type-switch to ON")
++ topology_st.standalone.config.set('nsslapd-search-return-original-type-switch', 'on')
++
++ log.info("Check that ldapsearch *does* return unknown attributes")
++ entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'uid=Directory',
++ ['objectclass overflow', 'unknown'])
++ assert "objectclass overflow" in entries[0].getAttrs()
++
++ log.info("Set nsslapd-search-return-original-type-switch to Off")
++ topology_st.standalone.config.set('nsslapd-search-return-original-type-switch', 'off')
++ log.info("Check that ldapsearch *does not* return unknown attributes")
++ entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'uid=Directory',
++ ['objectclass overflow', 'unknown'])
++ assert "objectclass overflow" not in entries[0].getAttrs()
++
++
++@pytest.mark.bz192901
++def test_search_ou(topology_st):
++ """Test that DS should not return an entry that does not match the filter
++
++ :id: d7831d05-f117-4e89-93c7-b6f77109f640
++ :setup: Standalone instance
++ :steps:
++ 1. Create an OU entry without sub entries
++ 2. Search from the OU with the filter that does not match the OU
++ :expectedresults:
++ 1. Creation of OU should be successful
++ 2. Search should not return any results
++ """
++
++ log.info("Create a test OU without sub entries")
++ ou = OrganizationalUnits(topology_st.standalone, DEFAULT_SUFFIX)
++ ou.create(properties={
++ 'ou': 'test_ou',
++ })
++
++ search_base = ("ou=test_ou,%s" % DEFAULT_SUFFIX)
++ log.info("Search from the OU with the filter that does not match the OU, it should not return anything")
++ entries = topology_st.standalone.search_s(search_base, ldap.SCOPE_SUBTREE, 'uid=*', ['dn'])
++ assert len(entries) == 0
++
++
++@pytest.mark.bz1044135
++@pytest.mark.ds47319
++def test_connection_buffer_size(topology_st):
++ """Test connection buffer size adjustable with different values(valid values and invalid)
++
++ :id: e7831d05-f117-4ec9-1203-b6f77109f117
++ :setup: Standalone instance
++ :steps:
++ 1. Set nsslapd-connection-buffer to some valid values (2, 0 , 1)
++ 2. Set nsslapd-connection-buffer to some invalid values (-1, a)
++ :expectedresults:
++ 1. This should pass
++ 2. This should fail
++ """
++
++ valid_values = ['2', '0', '1']
++ for value in valid_values:
++ topology_st.standalone.config.replace('nsslapd-connection-buffer', value)
++
++ invalid_values = ['-1', 'a']
++ for value in invalid_values:
++ with pytest.raises(ldap.OPERATIONS_ERROR):
++ topology_st.standalone.config.replace('nsslapd-connection-buffer', value)
++
++@pytest.mark.bz1637439
++def test_critical_msg_on_empty_range_idl(topology_st):
++ """Doing a range index lookup should not report a critical message even if IDL is empty
++
++ :id: a07a2222-0551-44a6-b113-401d23799364
++ :setup: Standalone instance
++ :steps:
++ 1. Create an index for internationalISDNNumber. (attribute chosen because it is
++ unlikely that previous tests used it)
++ 2. telephoneNumber being indexed by default create 20 users without telephoneNumber
++ 3. add a telephoneNumber value and delete it to trigger an empty index database
++ 4. Do a search that triggers a range lookup on empty telephoneNumber
++ 5. Check that the critical message is not logged in error logs
++ :expectedresults:
++ 1. This should pass
++ 2. This should pass
++ 3. This should pass
++ 4. This should pass on normal build but could abort a debug build
++ 4. This should pass
++ """
++ indexedAttr = 'internationalISDNNumber'
++
++ # Step 1
++ from lib389.index import Indexes
++
++ indexes = Indexes(topology_st.standalone)
++ indexes.create(properties={
++ 'cn': indexedAttr,
++ 'nsSystemIndex': 'false',
++ 'nsIndexType': 'eq'
++ })
++ topology_st.standalone.restart()
++
++ # Step 2
++ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
++ log.info('Adding 20 users without "%s"' % indexedAttr)
++ for i in range(20):
++ name = 'user_%d' % i
++ last_user = users.create(properties={
++ 'uid': name,
++ 'sn': name,
++ 'cn': name,
++ 'uidNumber': '1000',
++ 'gidNumber': '1000',
++ 'homeDirectory': '/home/%s' % name,
++ 'mail': '%s@example.com' % name,
++ 'userpassword': 'pass%s' % name,
++ })
++
++ # Step 3
++ # required update to create the indexAttr (i.e. 'loginShell') database, and then make it empty
++ topology_st.standalone.modify_s(last_user.dn, [(ldap.MOD_ADD, indexedAttr, b'1234')])
++ ent = topology_st.standalone.getEntry(last_user.dn, ldap.SCOPE_BASE,)
++ assert ent
++ assert ent.hasAttr(indexedAttr)
++ topology_st.standalone.modify_s(last_user.dn, [(ldap.MOD_DELETE, indexedAttr, None)])
++ ent = topology_st.standalone.getEntry(last_user.dn, ldap.SCOPE_BASE,)
++ assert ent
++ assert not ent.hasAttr(indexedAttr)
++
++ # Step 4
++ # The first component being not indexed the range on second is evaluated
++ try:
++ ents = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(&(sudoNotAfter=*)(%s>=111))' % indexedAttr)
++ assert len(ents) == 0
++ except ldap.SERVER_DOWN:
++ log.error('Likely testing against a debug version that asserted')
++ pass
++
++ # Step 5
++ assert not topology_st.standalone.searchErrorsLog('CRIT - list_candidates - NULL idl was recieved from filter_candidates_ext.')
++
++
+ if __name__ == '__main__':
+ # Run isolated
+ # -s for DEBUG mode
+diff --git a/ldap/servers/slapd/back-ldbm/filterindex.c b/ldap/servers/slapd/back-ldbm/filterindex.c
+index 6d36ba33e..3ef04f884 100644
+--- a/ldap/servers/slapd/back-ldbm/filterindex.c
++++ b/ldap/servers/slapd/back-ldbm/filterindex.c
+@@ -803,16 +803,10 @@ list_candidates(
+ }
+
+ /*
+- * Assert we recieved a valid idl. If it was NULL, it means somewhere we failed
+- * during the dblayer interactions.
+- *
+- * idl_set requires a valid idl structure to generate the linked list of
+- * idls that we insert.
++ * The IDL for that component is NULL, so no candidate retrieved from that component. This is all normal
++ * Just build a idl with an empty set
+ */
+ if (tmp == NULL) {
+- slapi_log_err(SLAPI_LOG_CRIT, "list_candidates", "NULL idl was recieved from filter_candidates_ext.");
+- slapi_log_err(SLAPI_LOG_CRIT, "list_candidates", "Falling back to empty IDL set. This may affect your search results.");
+- PR_ASSERT(tmp);
+ tmp = idl_alloc(0);
+ }
+
+--
+2.17.2
+
diff --git a/SOURCES/0011-Ticket-49967-entry-cache-corruption-after-failed-MOD.patch b/SOURCES/0011-Ticket-49967-entry-cache-corruption-after-failed-MOD.patch
new file mode 100644
index 0000000..a4f8cdb
--- /dev/null
+++ b/SOURCES/0011-Ticket-49967-entry-cache-corruption-after-failed-MOD.patch
@@ -0,0 +1,62 @@
+From a7ee52bd4b0bce82402a581ee16659ebb2f8d96e Mon Sep 17 00:00:00 2001
+From: Thierry Bordaz <tbordaz@redhat.com>
+Date: Wed, 24 Oct 2018 15:31:25 +0200
+Subject: [PATCH 1/2] Ticket 49967 - entry cache corruption after failed MODRDN
+
+Bug Description:
+ During a MODRDN the DN cache is updated to replace
+ source DN with the target DN (modrdn_rename_entry_update_indexes)
+ If later a failure occurs (for example if BETXN_POSTOP fails) and
+ the txn is aborted, the target DN (for the specific entryID) remains
+ in the DN cache.
+
+ If the entry is returned in a search, to build the DN there is
+ a lookup of the DN cache with the entryID. It retrieves the target DN
+ rather than the source DN
+
+Fix Description:
+ In case of failure of the operation, the entry (from the entryID)
+ need to be cleared from the DN cache
+
+https://pagure.io/389-ds-base/issue/49967
+
+Reviewed by: Mark Reynolds
+
+Platforms tested: F27
+
+Flag Day: no
+
+Doc impact: no
+
+(cherry picked from commit ab4af68ef49fcdc5f2f6d0c1f5c7b9a5333b1bee)
+---
+ ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+index 71e2a8fe0..e2e9d1b46 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+@@ -1400,6 +1400,19 @@ common_return:
+ }
+ }
+ }
++
++ if (ec && retval) {
++ /* if the operation failed, the destination entry does not exist
++ * but it has been added in dncache during cache_add_tentative
++ * we need to remove it. Else a retrieval from ep_id can give the wrong DN
++ */
++ struct backdn *bdn = dncache_find_id(&inst->inst_dncache, ec->ep_id);
++ slapi_log_err(SLAPI_LOG_CACHE, "ldbm_back_modrdn",
++ "operation failed, the target entry is cleared from dncache (%s)\n", slapi_entry_get_dn(ec->ep_entry));
++ CACHE_REMOVE(&inst->inst_dncache, bdn);
++ CACHE_RETURN(&inst->inst_dncache, &bdn);
++ }
++
+ /* remove the new entry from the cache if the op failed -
+ otherwise, leave it in */
+ if (ec && inst) {
+--
+2.17.2
+
diff --git a/SOURCES/0012-Ticket-49958-extended-search-fail-to-match-entries.patch b/SOURCES/0012-Ticket-49958-extended-search-fail-to-match-entries.patch
new file mode 100644
index 0000000..dcc9fa4
--- /dev/null
+++ b/SOURCES/0012-Ticket-49958-extended-search-fail-to-match-entries.patch
@@ -0,0 +1,264 @@
+From 02de69d6987b059459980b50de285c2fd7bb3e2c Mon Sep 17 00:00:00 2001
+From: Thierry Bordaz <tbordaz@redhat.com>
+Date: Mon, 24 Sep 2018 14:14:16 +0200
+Subject: [PATCH] Ticket 49958: extended search fail to match entries
+
+Bug Description:
+ During an extended search, a structure is created for each filter component.
+ The structure contains the keys generated from the assertion and using the given
+ matching rule indexer.
+ Later the keys will be compared (with the MR) with keys generated from the
+ attribute values of the candidate entries.
+ The bug is that parsing the assertion, instead of removing the heading spaces
+ the routine clear the assertion that is empty. So the generated keys is NULL.
+
+Fix Description:
+ The fix consists to only remove heading spaces
+
+https://pagure.io/389-ds-base/issue/49958
+
+Reviewed by: Mark Reynolds
+
+Platforms tested: F27
+
+Flag Day: no
+
+Doc impact: no
+---
+ .../tests/suites/filter/filter_test.py | 203 ++++++++++++++++++
+ ldap/servers/plugins/collation/orfilter.c | 4 +-
+ 2 files changed, 204 insertions(+), 3 deletions(-)
+
+diff --git a/dirsrvtests/tests/suites/filter/filter_test.py b/dirsrvtests/tests/suites/filter/filter_test.py
+index 280db68a3..61c449989 100644
+--- a/dirsrvtests/tests/suites/filter/filter_test.py
++++ b/dirsrvtests/tests/suites/filter/filter_test.py
+@@ -83,6 +83,209 @@ def test_filter_search_original_attrs(topology_st):
+ log.info('test_filter_search_original_attrs: PASSED')
+
+
++@pytest.mark.bz1511462
++def test_filter_scope_one(topology_st):
++ """Test ldapsearch with scope one gives only single entry
++
++ :id: cf5a6078-bbe6-4d43-ac71-553c45923f91
++ :setup: Standalone instance
++ :steps:
++ 1. Search cn=Directory Administrators,dc=example,dc=com using ldapsearch with
++ scope one using base as dc=example,dc=com
++ 2. Check that search should return only one entry
++ :expectedresults:
++ 1. This should pass
++ 2. This should pass
++ """
++
++ parent_dn="dn: dc=example,dc=com"
++ child_dn="dn: cn=Directory Administrators,dc=example,dc=com"
++
++ log.info('Search user using ldapsearch with scope one')
++ results = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_ONELEVEL,'cn=Directory Administrators',['cn'] )
++ log.info(results)
++
++ log.info('Search should only have one entry')
++ assert len(results) == 1
++
++@pytest.mark.ds47313
++def test_filter_with_attribute_subtype(topology_st):
++ """Adds 2 test entries and Search with
++ filters including subtype and !
++
++ :id: 0e69f5f2-6a0a-480e-8282-fbcc50231908
++ :setup: Standalone instance
++ :steps:
++ 1. Add 2 entries and create 3 filters
++ 2. Search for entry with filter: (&(cn=test_entry en only)(!(cn=test_entry fr)))
++ 3. Search for entry with filter: (&(cn=test_entry en only)(!(cn;fr=test_entry fr)))
++ 4. Search for entry with filter: (&(cn=test_entry en only)(!(cn;en=test_entry en)))
++ 5. Delete the added entries
++ :expectedresults:
++ 1. Operation should be successful
++ 2. Search should be successful
++ 3. Search should be successful
++ 4. Search should not be successful
++ 5. Delete the added entries
++ """
++
++ # bind as directory manager
++ topology_st.standalone.log.info("Bind as %s" % DN_DM)
++ topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
++
++ # enable filter error logging
++ # mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '32')]
++ # topology_st.standalone.modify_s(DN_CONFIG, mod)
++
++ topology_st.standalone.log.info("\n\n######################### ADD ######################\n")
++
++ # Prepare the entry with cn;fr & cn;en
++ entry_name_fr = '%s fr' % (ENTRY_NAME)
++ entry_name_en = '%s en' % (ENTRY_NAME)
++ entry_name_both = '%s both' % (ENTRY_NAME)
++ entry_dn_both = 'cn=%s, %s' % (entry_name_both, SUFFIX)
++ entry_both = Entry(entry_dn_both)
++ entry_both.setValues('objectclass', 'top', 'person')
++ entry_both.setValues('sn', entry_name_both)
++ entry_both.setValues('cn', entry_name_both)
++ entry_both.setValues('cn;fr', entry_name_fr)
++ entry_both.setValues('cn;en', entry_name_en)
++
++ # Prepare the entry with one member
++ entry_name_en_only = '%s en only' % (ENTRY_NAME)
++ entry_dn_en_only = 'cn=%s, %s' % (entry_name_en_only, SUFFIX)
++ entry_en_only = Entry(entry_dn_en_only)
++ entry_en_only.setValues('objectclass', 'top', 'person')
++ entry_en_only.setValues('sn', entry_name_en_only)
++ entry_en_only.setValues('cn', entry_name_en_only)
++ entry_en_only.setValues('cn;en', entry_name_en)
++
++ topology_st.standalone.log.info("Try to add Add %s: %r" % (entry_dn_both, entry_both))
++ topology_st.standalone.add_s(entry_both)
++
++ topology_st.standalone.log.info("Try to add Add %s: %r" % (entry_dn_en_only, entry_en_only))
++ topology_st.standalone.add_s(entry_en_only)
++
++ topology_st.standalone.log.info("\n\n######################### SEARCH ######################\n")
++
++ # filter: (&(cn=test_entry en only)(!(cn=test_entry fr)))
++ myfilter = '(&(sn=%s)(!(cn=%s)))' % (entry_name_en_only, entry_name_fr)
++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
++ assert len(ents) == 1
++ assert ensure_str(ents[0].sn) == entry_name_en_only
++ topology_st.standalone.log.info("Found %s" % ents[0].dn)
++
++ # filter: (&(cn=test_entry en only)(!(cn;fr=test_entry fr)))
++ myfilter = '(&(sn=%s)(!(cn;fr=%s)))' % (entry_name_en_only, entry_name_fr)
++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
++ assert len(ents) == 1
++ assert ensure_str(ents[0].sn) == entry_name_en_only
++ topology_st.standalone.log.info("Found %s" % ents[0].dn)
++
++ # filter: (&(cn=test_entry en only)(!(cn;en=test_entry en)))
++ myfilter = '(&(sn=%s)(!(cn;en=%s)))' % (entry_name_en_only, entry_name_en)
++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
++ assert len(ents) == 0
++ topology_st.standalone.log.info("Found none")
++
++ topology_st.standalone.log.info("\n\n######################### DELETE ######################\n")
++
++ topology_st.standalone.log.info("Try to delete %s " % entry_dn_both)
++ topology_st.standalone.delete_s(entry_dn_both)
++
++ topology_st.standalone.log.info("Try to delete %s " % entry_dn_en_only)
++ topology_st.standalone.delete_s(entry_dn_en_only)
++
++ log.info('Testcase PASSED')
++
++
++@pytest.mark.bz1615155
++def test_extended_search(topology_st):
++ """Test we can search with equality extended matching rule
++
++ :id:
++ :setup: Standalone instance
++ :steps:
++ 1. Add a test user with 'sn: ext-test-entry'
++ 2. Search '(cn:de:=ext-test-entry)'
++ 3. Search '(sn:caseIgnoreIA5Match:=EXT-TEST-ENTRY)'
++ 4. Search '(sn:caseIgnoreMatch:=EXT-TEST-ENTRY)'
++ 5. Search '(sn:caseExactMatch:=EXT-TEST-ENTRY)'
++ 6. Search '(sn:caseExactMatch:=ext-test-entry)'
++ 7. Search '(sn:caseExactIA5Match:=EXT-TEST-ENTRY)'
++ 8. Search '(sn:caseExactIA5Match:=ext-test-entry)'
++ :expectedresults:
++ 1. This should pass
++ 2. This should return one entry
++ 3. This should return one entry
++ 4. This should return one entry
++ 5. This should return NO entry
++ 6. This should return one entry
++ 7. This should return NO entry
++ 8. This should return one entry
++ 3. return one entry
++ """
++ log.info('Running test_filter_escaped...')
++
++ ATTR_VAL = 'ext-test-entry'
++ USER1_DN = "uid=%s,%s" % (ATTR_VAL, DEFAULT_SUFFIX)
++
++ try:
++ topology_st.standalone.add_s(Entry((USER1_DN, {'objectclass': "top extensibleObject".split(),
++ 'sn': ATTR_VAL.encode(),
++ 'cn': ATTR_VAL.encode(),
++ 'uid': ATTR_VAL.encode()})))
++ except ldap.LDAPError as e:
++ log.fatal('test_extended_search: Failed to add test user ' + USER1_DN + ': error ' +
++ e.message['desc'])
++ assert False
++
++ # filter: '(cn:de:=ext-test-entry)'
++ myfilter = '(cn:de:=%s)' % ATTR_VAL
++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
++ assert len(ents) == 1
++
++ # filter: '(sn:caseIgnoreIA5Match:=EXT-TEST-ENTRY)'
++ myfilter = '(cn:caseIgnoreIA5Match:=%s)' % ATTR_VAL.upper()
++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
++ assert len(ents) == 1
++
++ # filter: '(sn:caseIgnoreMatch:=EXT-TEST-ENTRY)'
++ myfilter = '(cn:caseIgnoreMatch:=%s)' % ATTR_VAL.upper()
++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
++ assert len(ents) == 1
++
++ # filter: '(sn:caseExactMatch:=EXT-TEST-ENTRY)'
++ myfilter = '(cn:caseExactMatch:=%s)' % ATTR_VAL.upper()
++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
++ assert len(ents) == 0
++
++ # filter: '(sn:caseExactMatch:=ext-test-entry)'
++ myfilter = '(cn:caseExactMatch:=%s)' % ATTR_VAL
++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
++ assert len(ents) == 1
++
++ # filter: '(sn:caseExactIA5Match:=EXT-TEST-ENTRY)'
++ myfilter = '(cn:caseExactIA5Match:=%s)' % ATTR_VAL.upper()
++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
++ assert len(ents) == 0
++
++ # filter: '(sn:caseExactIA5Match:=ext-test-entry)'
++ myfilter = '(cn:caseExactIA5Match:=%s)' % ATTR_VAL
++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
++ assert len(ents) == 1
++
++
+ if __name__ == '__main__':
+ # Run isolated
+ # -s for DEBUG mode
+diff --git a/ldap/servers/plugins/collation/orfilter.c b/ldap/servers/plugins/collation/orfilter.c
+index 7705de9d6..c092d77ca 100644
+--- a/ldap/servers/plugins/collation/orfilter.c
++++ b/ldap/servers/plugins/collation/orfilter.c
+@@ -531,10 +531,8 @@ or_filter_create(Slapi_PBlock *pb)
+ default:
+ break;
+ }
+- for (; len > 0 && *val != ' '; ++val, --len)
++ for (; len > 0 && *val == ' '; ++val, --len)
+ ;
+- if (len > 0)
+- ++val, --len; /* skip the space */
+ bv.bv_len = len;
+ bv.bv_val = (len > 0) ? val : NULL;
+ } else { /* mrOID does not identify an ordering rule. */
+--
+2.17.2
+
diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec
index 09f1e05..cc73e59 100644
--- a/SPECS/389-ds-base.spec
+++ b/SPECS/389-ds-base.spec
@@ -39,7 +39,7 @@
Summary: 389 Directory Server (%{variant})
Name: 389-ds-base
Version: 1.3.8.4
-Release: %{?relprefix}15%{?prerel}%{?dist}
+Release: %{?relprefix}18%{?prerel}%{?dist}
License: GPLv3+
URL: https://www.port389.org/
Group: System Environment/Daemons
@@ -156,6 +156,9 @@ Patch06: 0006-Bug-1614820-Crash-in-vslapd_log_emergency_error.patch
Patch07: 0007-Ticket-49932-Crash-in-delete_passwdPolicy-when-persi.patch
Patch08: 0008-Bug-1624004-potential-denial-of-service-attack.patch
Patch09: 0009-Bug-1624004-fix-regression-in-empty-attribute-list.patch
+Patch10: 0010-Ticket-49968-Confusing-CRITICAL-message-list_candida.patch
+Patch11: 0011-Ticket-49967-entry-cache-corruption-after-failed-MOD.patch
+Patch12: 0012-Ticket-49958-extended-search-fail-to-match-entries.patch
%description
389 Directory Server is an LDAPv3 compliant server. The base package includes
@@ -309,8 +312,7 @@ output=/dev/null
output2=/dev/null
# reload to pick up any changes to systemd files
/bin/systemctl daemon-reload >$output 2>&1 || :
-# reload to pick up any shared lib changes
-/sbin/ldconfig
+
# find all instances
instances="" # instances that require a restart after upgrade
ninst=0 # number of instances found in total
@@ -505,6 +507,18 @@ fi
%{_sysconfdir}/%{pkgname}/dirsrvtests
%changelog
+* Mon Oct 29 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.4-18
+- Bump version to 1.3.8.4-18
+- Resolves: Bug 1638516 - CRIT - list_candidates - NULL idl was recieved from filter_candidates_ex
+
+* Mon Oct 29 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.4-17
+- Bump version to 1.3.8.4-17
+- Resolves: Bug 1643875 - ns-slapd: crash in entrycache_add_int
+
+* Tue Oct 16 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.4-16
+- Bump version to 1.3.8.4-16
+- Resolves: Bug 1638513 - Message: "CRIT - list_candidates - NULL idl was recieved from filter_candidates_ext." should not be critical
+
* Wed Sep 19 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.4-15
- Bump version to 1.3.8.4-15
- Resolves: Bug 1624004 - Fix regression in last patch