[SECURITY] Fedora 16 Update: 389-ds-base-1.2.10.24-1.fc16

updates at fedoraproject.org
Tue Jan 15 02:26:45 UTC 2013


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-20156
2012-12-11 09:03:35
--------------------------------------------------------------------------------

Name        : 389-ds-base
Product     : Fedora 16
Version     : 1.2.10.24
Release     : 1.fc16
URL         : http://port389.org/
Summary     : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server.  The base package includes
the LDAP server and command line utilities for server administration.

--------------------------------------------------------------------------------
Update Information:

cleanallruv support
Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 10 2012 Mark Reynolds <mreynolds at redhat.com> - 1-2.10.24-1
- Bumped version to 1.2.10.24
* Mon Nov 12 2012 Mark Reynolds <mreynolds at redhat.com> - 1.2.10.17 - 1.2.10.23
- Final CLEANALLRUV changes
* Thu Oct 18 2012 Mark Reynolds <mreynolds at redhat.com> - 1.2.10.16-1
- 569c2d3 bump version to 1.2.10.16
- Ticket 403 - CLEANALLRUV - minor fixes and add support for replica-force-cleaning
* Tue Oct 16 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.15-1
- Trac Ticket #340 - Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl
- Ticket #491 - multimaster_extop_cleanruv returns wrong error codes
- 7bbaf35 COVERITY FIXES in replica_execute_cleanall_ruv_task
- 1f356fa CLEANALLRUV - remove calls to agmt_get_enabled because this feature is not in 1.2.10
- Ticket 477 - CLEANALLRUV if there are only winsync agmts task will hang
- Ticket 467 - CLEANALLRUV abort task should be able to ignore down replicas
- Ticket 450 - CLEANALLRUV task gets stuck on winsync replication agreement
- 8545947 CLEANALLRUV coverity fixes
- Ticket 403 - fix CLEANALLRUV regression from last commit
- Ticket 403 - CLEANALLRUV revisions
- Ticket 403 - cleanallruv coverity fixes
- Ticket 403 - CLEANALLRUV feature
- 4753f97 Update the slapi-plugin documentation on new slapi functions, and added a slapi function for checking on shutdowns
- b3f5a71 Coverity Fix
- Ticket 368 - Make the cleanAllRUV task one step
- Ticket #337 - Improve CLEANRUV task
- Ticket #353 - coverity 12625-12629 - leaks, dead code, unchecked return
- Ticket #337 - RFE - Improve CLEANRUV functionality
* Wed Jul 18 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.14-1
- Ticket #410 - Referential integrity plug-in does not work when update interval is not zero
* Mon Jul 16 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.13-1
- Ticket #406 - Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled
- Ticket #405 - referint modrdn not working if case is different
* Wed Jun 27 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.12-1
- Ticket 378 - unhashed#user#password visible after changing password
-  fix typo in previous patch
- Trac Ticket 396 - Account Usability Control Not Working
* Thu Jun 21 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.11-1
- Ticket #378 - audit log does not log unhashed password: enabled, by default.
- Ticket #378 - unhashed#user#password visible after changing password
- Ticket #365 - passwords in clear text in the audit log
* Mon Jun 18 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.10-1
- Ticket #390 - [abrt] 389-ds-base-1.2.10.6-1.fc16: slapi_attr_value_cmp: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV)
* Thu May 24 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.9-1
- Ticket #382 - DS Shuts down intermittently
- Trac Ticket #359 - Database RUV could mismatch the one in changelog under the stress
- Bug #361: Bad DNs in ACIs can segfault ns-slapd
- Trac Ticket #338 - letters in object's cn get converted to lowercase when renaming object
* Thu May  3 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.8-1
- Ticket #348 - crash in ldap_initialize with multiple threads
-  previous fix would crash in ldclt - this fixes that crash
* Mon Apr 30 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.7-1
- Ticket #348 - crash in ldap_initialize with multiple threads
- Ticket #347 - IPA dirsvr seg-fault during system longevity test
* Tue Apr 10 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.6-1
- Bug 808770 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV)
- typo in previous patch
* Tue Apr 10 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.5-1
- Bug 808770 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV)
- same as Ticket #336
* Wed Mar 21 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.4-2
- get rid of posttrans - move update code to post
* Tue Mar 13 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.4-1
- Ticket #305 - Certain CMP operations hang or cause ns-slapd to crash
* Mon Mar  5 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.3-1
- b05139b memleak in normalize_mods2bvals
- c0eea24 memleak in mep_parse_config_entry
- 90bc9eb handle null smods
- Ticket #305 - Certain CMP operations hang or cause ns-slapd to crash
- Ticket #306 - void function cannot return value
- ticket 304 - Fix kernel version checking in dsktune
* Thu Feb 23 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.2-1
- Trac Ticket #298 - crash when replicating orphaned tombstone entry
- Ticket #281 - TLS not working with latest openldap
- Trac Ticket #290 - server hangs during shutdown if betxn pre/post op fails
- Trac Ticket #26 - Please support setting defaultNamingContext in the rootdse
- Ticket #124 - add Provides: ldif2ldbm to rpm
* Tue Feb 14 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.1-1
- Ticket #294 - 389 DS Segfaults during replica install in FreeIPA
* Mon Feb 13 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.0-1
- Ticket 284 - Remove unnecessary SNMP MIB files
- Ticket 51 - memory leaks in 389-ds-base-1.2.8.2-1.el5?
- Ticket 175 - logconv.pl improvements
* Thu Feb  2 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10-0.10.rc1
- ad9dd30 coverity 12488 Resource leak In attr_index_config(): Leak of memory or pointers to system resources
- Ticket #281 - TLS not working with latest openldap
- Ticket #280 - extensible binary filters do not work
- Ticket #279 - filter normalization does not use matching rules
- Trac Ticket #275 - Invalid read reported by valgrind
- Ticket #277 - cannot set repl referrals or state
- Ticket #278 - Schema replication update failed: Invalid syntax
- Ticket #39 - Account Policy Plugin does not work for simple binds when PAM Pass Through Auth plugin is enabled
- Ticket #13 - slapd process exits when put the database on read only mode while updates are coming to the server
- Ticket #87 - Manpages fixes
- c493fb4 fix a couple of minor coverity issues
- Ticket #55 - Limit of 1024 characters for nsMatchingRule
- Trac Ticket #274 - Reindexing entryrdn fails if ancestors are also tombstoned
- Ticket #6 - protocol error from proxied auth operation
- Ticket #38 - nisDomain schema is incorrect
- Ticket #273 - ruv tombstone searches don't work after reindex entryrdn
- Ticket #29 - Samba3-schema is missing sambaTrustedDomainPassword
- Ticket #22 - RFE: Support sendmail LDAP routing schema
- Ticket #161 - Review and address latest Coverity issues
- Ticket #140 - incorrect memset parameters
- Trac Ticket 35 - Log not clear enough on schema errors
- Trac Ticket 139 - eliminate the use of char *dn in favor of Slapi_DN *dn
- Trac Ticket #52 - FQDN set to nsslapd-listenhost makes the server start fail if IPv4-mapped-IPv6 address is given
* Tue Jan 24 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10-0.9.a8
- Ticket #272 - add tombstonenumsubordinates to schema
* Mon Jan 23 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10-0.8.a7
- fixes for systemd - remove .pid files after shutting down servers
- Ticket #263 - add systemd include directive
- Ticket #264 - upgrade needs better check for "server is running"
* Fri Jan 20 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10-0.7.a7
- Ticket #262 - pid file not removed with systemd
- Ticket #50 - server should not call a plugin after the plugin close function is called
- Ticket #18 - Data inconsistency during replication
- Ticket #49 - better handling for server shutdown while long running tasks are active
- Ticket #15 - Get rid of rwlock.h/rwlock.c and just use slapi_rwlock instead
- Ticket #257 - repl-monitor doesn't work if leftmost hostnames are the same
- Ticket #12 - 389 DS DNA Plugin / Replication failing on GSSAPI
- 6aaeb77 add a hack to disable sasl hostname canonicalization
- Ticket 168 - minssf should not apply to rootdse
- Ticket #177 - logconv.pl doesn't detect restarts
- Ticket #159 - Managed Entry Plugin runs against managed entries upon any update without validating
- Ticket 75 - Unconfigure plugin operations are being called.
- Ticket 26 - Please support setting defaultNamingContext in the rootdse.
- Ticket #71 - unable to delete managed entry config
- Ticket #167 - Mixing transaction and non-transaction plugins can cause deadlock
- Ticket #256 - debug build assertion in ACL_EvalDestroy()
- Ticket #4 - bak2db gets stuck in infinite loop
- Ticket #162 - Infinite loop / spin inside strcmpi_fast, acl_read_access_allowed_on_attr, server DoS
- Ticket #3: acl cache overflown problem
- Ticket 1 - pre-normalize filter and pre-compile substring regex - and other optimizations
- Ticket 2 - If node entries are tombstone'd, subordinate entries fail to get the full DN.
* Thu Dec 15 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.10-0.6.a6
- Bug 755725 - 389 programs linked against openldap crash during shutdown
- Bug 755754 - Unable to start dirsrv service using systemd
- Bug 745259 - Incorrect entryUSN index under high load in replicated environment
- d439e3a use slapi_hexchar2int and slapi_str_to_u8 everywhere
- 5910551 csn_init_as_string should not use sscanf
- b53ba00 reduce calls to csn_as_string and slapi_log_error
- c897267 fix member variable name error in slapi_uniqueIDFormat
- 66808e5 uniqueid formatting - use slapi_u8_to_hex instead of sprintf
- 580a875 csn_as_string - use slapi_uN_to_hex instead of sprintf
- Bug 751645 - crash when simple paged fails to send entry to client
- Bug 752155 - Use restorecon after creating init script lock file
* Fri Nov  4 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.10-0.5.a5
- Bug 751495 - 'setup-ds.pl -u' fails with undefined routine 'updateSystemD'
- Bug 750625 750624 750622 744946 Coverity issues
- Bug 748575 - part 2 - rhds81 modrdn operation and 100% cpu use in replication
- Bug 748575 - rhds81 modrdn operation and 100% cpu use in replication
- Bug 745259 - Incorrect entryUSN index under high load in replicated environment
- f639711 Reduce the number of DN normalization
- c06a8fa Keep unhashed password pseudo-attribute in the adding entry
- Bug 744945 - nsslapd-counters attribute value cannot be set to "off"
- 8d3b921 Use new PLUGIN_CONFIG_ENTRY feature to allow switching between txn and regular
- d316a67 Change referential integrity to be a betxnpostoperation plugin
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #340 - procps-1.2.9 bug fix - sorting in reverse order w/short options
        https://bugzilla.redhat.com/show_bug.cgi?id=340
  [ 2 ] Bug #491 - Video mode deselects back to 25x80 on startup of Inetd
        https://bugzilla.redhat.com/show_bug.cgi?id=491
  [ 3 ] Bug #337 - "unqualified hostname unknown" and "unable to qualify my own domainname"
        https://bugzilla.redhat.com/show_bug.cgi?id=337
  [ 4 ] Bug #353 - NFS install over PLIP does not work properly.
        https://bugzilla.redhat.com/show_bug.cgi?id=353
  [ 5 ] Bug #860608 - CVE-2012-4450 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=860608
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update 389-ds-base' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

