--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-201ffffa3e
2019-02-05 01:54:14.893897
--------------------------------------------------------------------------------
Name : 389-ds-base
Product : Fedora 28
Version : 1.4.0.21
Release : 1.fc28
URL :
https://www.port389.org
Summary : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.
--------------------------------------------------------------------------------
Update Information:
Bump version to 1.4.0.21
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 31 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.21-1
- Bump version to 1.4.0.21
- Ticket 50041 - CLI and WebUI - Add memberOf plugin functionality
- Ticket 50079 `Fix for ticket 50059: If an object is nsds5replica, it must be
cn=replica`
- Ticket 50125 - perl fix ups for tmpfiles
- Ticket 50164 - Add test for dscreate
- Ticket 50059: If an object is nsds5replica, it must be cn=replica
- Ticket 50169 - lib389 changed hardcoded systemctl path
- Ticket 50165 - Fix dscreate issues
- Ticket 50152 - Replace os.getenv('HOME') with os.path.expanduser
- Fix compiler warning in snmp main()
- Fix compiler warning in init.c
- Ticket 49540 - FIx compiler warning in ldif2ldbm
- Ticket 50077 - Fix compiler warnings in automember rebuild task
- Ticket 49972 - use-after-free in case of several parallel krb authentication
- Ticket 50161 - Fixed some descriptions in "dsconf backend --help"
- Ticket 50153 - Increase default max logs
- Ticket 50123 - with_tmpfiles_d is associated to systemd
- Ticket 49984 - python installer add option to create suffix entry
- Ticket 50077 - RFE - improve automember plugin to work with modify ops
- Ticket 50136 - Allow resetting passwords on the CLI
- Ticket 49994 - Adjust dsconf backend usage
- Ticket 50138 - db2bak.pl -P LDAPS does not work when nsslapd-securePort is missing
- Ticket 50122 - Fix incorrect path spec
- Ticket 50145 - Add a verbose option to the backup tools
- Ticket 50056 - dsctl db2ldif throws an exception
- Ticket 50078 - cannot add cenotaph in read only consumer
- Ticket 50126 - Incorrect usage of sudo in test
- Ticket 50130 - Building RPMs on RHEL8 fails
- Ticket 50134 - fixup-memberof.pl does not respect protocol requested
- Ticket 50122 - Selinux test for presence
- Ticket 50101 - Port fourwaymmr Test TET suit to python3
- Ticket 50091 - shadowWarning is not generated if passwordWarning is lower than 86400
seconds (1 day).
- Ticket 50128 - NS Stress fails without ipv6
- Ticket 49618 - Set nsslapd-cachememsize to custom value
- Ticket 50117 - after certain failed import operation, impossible to replay an import
operation
- Ticket 49999 - rpm.mk dist-bz2 should clean cockpit_dist first
- Ticket 48064 - Fix various issues in disk monitoring test suite
- Ticket 49938 - lib389 - Clean up CLI logging
- Ticket 49761 - Fix CI test suite issues
- Ticket 50056 - Fix UI bugs (part 2)
- Ticket 48064 - CI test - disk_monitoring
- Ticket 50099 - extend error messages
- Ticket 50099 - In FIPS mode, the server can select an unsupported password storage
scheme
- Ticket 50041 - Add basic plugin UI/CLI wrappers
- Ticket 50082 - Port state test suite
- Ticket 49574 - remove index subsystem
- Ticket 49588 - Add py3 support for tickets : part-5
- Ticket 50095 - cleanup deprecated key.h includes
* Fri Dec 14 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.20-1
- Bump version to 1.4.0.20
- Ticket 49994 - Add test for backend/suffix CLI functions
- Ticket 50090 - refactor fetch_attr() to slapi_fetch_attr()
- Ticket 50091 - shadowWarning is not generated if passwordWarning is lower than 86400
seconds (1 day)
- Ticket 50056 - Fix CLI/UI bugs
- Ticket 49864 - Revised replication status messages for transient errors
- Ticket 50071 - Set ports in local_simple_allocate function
- Ticket 50065 - lib389 aci parsing is too strict
- Ticket 50061 - Improve schema loading in UI
- Ticket 50063 - Crash after attempting to restore a single backend
- Ticket 50062 - Replace error by warning in the state machine defined in repl5_inc_run
- Ticket 50041 - Set the React dataflow foundation and add basic plugin UI
- Ticket 50028 - Revise ds-replcheck usage
- TIcket 50057 - Pass argument into hashtable_new
- Ticket 50053 - improve testcase
- Ticket 50053 - Subtree password policy overrides a user-defined password policy
- Ticket 49974 - lib389 - List instances with initconfig_dir instead of sysconf_dir
- Ticket 49984 - Add an empty domain creation to the dscreate
- Ticket 49950 - PassSync not setting pwdLastSet attribute in Active Directory after Pw
update from LDAP sync for normal user
- Ticket 50046 - Remove irrelevant debug-log messages from CLI tools
- Ticket 50022, 50012, 49956, and 49800: Various dsctl/dscreate fixes
- Ticket 49927 - dsctl db2index does not work
- Ticket 49814 - dscreate should handle selinux ports that are in a range
- Ticket 49543 - fix certmap dn comparison
- Ticket 49994 - comment out dev paths
- Ticket 49994 - Add backend features to CLI
- Ticket 48081 - Add new CI tests for password
* Thu Nov 1 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.19-1
- Bump version to 1.4.0.19
- Ticket 50026 - audit logs does not capture the operation where nsslapd-lookthroughlimit
is modified
- Ticket 50020 - during MODRDN referential integrity can fail erronously while updating
large groups
- Ticket 49999 - Finish up the transfer to React
- Ticket 50004 - lib389 - improve X-ORIGIN schema parsing
- Ticket 50013 - Log warn instead of ERR when aci target does not exist.
- Ticket 49975 - followup for broken prefix deployment
- Ticket 49999 - Add dist-bz2 target for Koji build system
- Ticket 49814 - Add specfile requirements for python3-libselinux
- Ticket 49814 - Add specfile requirements for python3-selinux
- Ticket 49999 - Integrate React structure into cockpit-389-ds
- Ticket 49995 - Fix Tickets with internal op logging
- Ticket 49997 - RFE: ds-replcheck could validate suffix exists and it's replicated
- Ticket 49985 - memberof may silently fails to update a member
- Ticket 49967 - entry cache corruption after failed MODRDN
- Ticket 49975 - Add missing include file to main.c
- Ticket 49814 - skip standard ports for selinux labelling
- Ticket 49814 - dscreate should set the port selinux labels
- Ticket 49856 - Remove backend option from bak2db
- Ticket 49926 - Fix various Tickets with replication UI
- Ticket 49975 - SUSE rpmlint Tickets
- Ticket 49939 - Fix ldapi path in lib389
- Ticket 49978 - Add CLI logging function for UI
- Ticket 49929 - Modifications required for the Test Case Management System
- Ticket 49979 - Fix regression in last commit
- Ticket 49979 - Remove dirsrv tests subpackage
- Ticket 49928 - Fix various small WebUI schema Tickets
- Ticket 49926 - UI - comment out dev cli patchs
- Ticket 49926 - Add replication functionality to UI
* Wed Oct 10 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.18-1
- Bump version to 1.4.0.18
- Ticket 49968 - Confusing CRITICAL message: list_candidates - NULL idl was recieved from
filter_candidates_ext
- Ticket 49946 - upgrade of 389-ds-base could remove replication agreements.
- Ticket 49969 - DOS caused by malformed search operation (part 2)
* Tue Oct 9 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.17-2
- Bump version to 1.4.0.17-2
- Ticket 49969 - DOS caused by malformed search operation (security fix)
- Ticket 49943 - rfc3673_all_oper_attrs_test is not strict enough
- Ticket 49915 - Master ns-slapd had 100% CPU usage after starting replication and
replication cannot finish
- Ticket 49963 - ASAN build fails on F28
- Ticket 49947 - Coverity Fixes
- Ticket 49958 - extended search fail to match entries
- Ticket 49928 - WebUI schema functionality and improve CLI part
- Ticket 49954 - On s390x arch retrieved DB page size is stored as size_t rather than
uint32_t
- Ticket 49928 - Refactor and improve schema CLI/lib389 part to DSLdapObject
- Ticket 49926 - Fix replication tests on 1.3.x
- Ticket 49926 - Add replication functionality to dsconf
- Ticket 49887 - Clean up thread local usage
- Ticket 49937 - Log buffer exceeded emergency logging msg is not thread-safe (security
fix)
- Ticket 49866 - fix typo in cos template in pwpolicy subtree create
- Ticket 49930 - Correction of the existing fixture function names to remove test_ prefix
- Ticket 49932 - Crash in delete_passwdPolicy when persistent search connections are
terminated unexpectedly
- Ticket 48053 - Add attribute encryption test cases
- Ticket 49866 - Refactor PwPolicy lib389/CLI module
- Ticket 49877 - Add log level functionality to UI
* Fri Aug 24 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.16-1
- Bump version to 1.4.0.16
- Revert "Ticket 49372 - filter optimisation improvements for common queries"
- Revert "Ticket 49432 - filter optimise crash"
- Ticket 49887: Fix SASL map creation when --disable-perl
- Ticket 49858 - Add backup/restore and import/export functionality to WebUI/CLI
* Thu Aug 16 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.15-1
- Bump version to 1.4.0.15
- Ticket 49029 - Internal logging thread data needs to allocate int pointers
- Ticket 48061 - CI test - config
- Ticket 48377 - Only ship libjemalloc.so.2
- Ticket 49885 - On some platform fips does not exist
* Mon Aug 13 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.14-2
- Bump version to 1.4.0.14-2
- Fix legacy tool scriplet error
- Remove ldconfig calls
- Only provide libjemalloc.so.2
* Fri Aug 10 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.14-1
- Bump version to 1.4.0.14
- Ticket 49891 - Use "__python3" macro for python scripts
- Ticket 49890 - ldapsearch with server side sort crashes the ldap server
- Ticket 49029 - RFE -improve internal operations logging
- Ticket 49893 - disable nunc-stans by default
- Ticket 48377 - Update file name for LD_PRELOAD
- Ticket 49884 - Improve nunc-stans test to detect socket errors sooner
- Ticket 49888 - Use perl filter in rpm specfile
- Ticket 49866 - Add password policy features to CLI/UI
- Ticket 49881 - Missing check for crack.h
- Ticket 48056 - Add more test cases to the basic suite
- Ticket 49761 - Fix replication test suite issues
- Ticket 49381 - Refactor the plugin test suite docstrings
- Ticket 49837 - Add new password policy attributes to UI
- Ticket 49794 - RFE - Add pam_pwquality features to password syntax checking
- Ticket 49867 - Fix CLI tools' double output
* Thu Jul 19 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.13-1
- Bump version to 1.4.0.13
- Ticket 49854 - ns-slapd should create run_dir and lock_dir directories at startup
- Ticket 49806 - Add SASL functionality to CLI/UI
- Ticket 49789 - backout original security fix as it caused a regression in FreeIPA
- Ticket 49857 - RPM scriptlet for 389-ds-base-legacy-tools throws an error
* Tue Jul 17 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.12-1
- Bump version to 1.4.0.12-1
- Ticket 48377 - Move jemalloc license to /usr/share/licences
- Ticket 49813 - Revised interactive installer
- Ticket 49789 - By default, do not manage unhashed password
- Ticket 49844 - lib389: don't set up logging at module scope
- Ticket 49546 - Fix issues with MIB file
- Ticket 49840 - ds-replcheck command returns traceback errors against ldif files having
garbage content when run in offline mode
- Ticket 49640 - Cleanup plugin bootstrap logging
- Ticket 49835 - lib389: fix logging
- Ticket 48818 - For a replica bindDNGroup, should be fetched the first time it is used
not when the replica is started
- Ticket 49780 - acl_copyEval_context double free
- Ticket 49830 - Import fails if backend name is "default"
- Ticket 49832 - remove tcmalloc references
- Ticket 49813 - dscreate - add interactive installer
- Ticket 49808 - Add option to add backend to dscreate
- Ticket 49811 - lib389 setup.py should install autogenerated man pages
- Ticket 49795 - UI - add "action" backend funtionality
- Ticket 49588 - Add py3 support for tickets : part-3
- Ticket 49820 - lib389 requires wrong python ldap library
- Ticket 49791 - Update docker file for new dscreate options
- Ticket 49761 - Fix more CI test issues
- Ticket 49811 - Update man pages
- Ticket 49783 - UI - add server configuration backend
- Ticket 49717 - Add conftest.py for tests
- Ticket 49588 - Add py3 support for tickets
- Ticket 49793 - Updated descriptions in dscreate example INF file
- Ticket 49471 - Rename dscreate options
- Ticket 49751 - passwordMustChange attribute is not honored by a RO consumer if using
"Chain on Update"
- Ticket 49734 - Fix various issues with Disk Monitoring
- Update Source0 URL in rpm/389-ds-base.spec.in
* Thu Jun 21 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.11-2
- Bump version to 1.4.0.11-2
- Add python3-lib389 requirement
* Tue Jun 19 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.11-1
- Bump version to 1.4.0.11
- Test for issue #49788
- Fixing 4-byte UTF-8 character validation
- Ticket 49777 - add config subcommand to dsconf
- Ticket 49712 - lib389 CLI tools should return a result code on failures
- Issue 49588 - Add py3 support for tickets : part-2
- Remove old RHEL/fedora version checking from upstream specfile
- Ticket 48204 - remove python2 from scripts
- Ticket 49576 - ds-replcheck: fix certificate directory verification
- Bug 1591761 - 389-ds-base: Remove jemalloc exports
* Fri Jun 8 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.10-2
- Bump verision to 1.4.0.10-2
- Remove reference ro stop-dirsrv from legacy tools
* Fri Jun 8 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.10-1
- Bump verision to 1.4.0.10-1
- Ticket 49640 - Errors about PBKDF2 password storage plugin at server startup
- Ticket 49571 - perl subpackage and python installer by default
- Ticket 49740 - UI - Replication monitor color coding is not colorblind friendly
- Ticket 49741 - UI - View/Edit replication agreement hangs WebUI
- Ticket 49703 - UI - Set default values in create instance form
- Ticket 49742 - Fine grained password policy can impact search performance
- Ticket 49768 - Under network intensive load persistent search can erronously decrease
connection refcnt
- Ticket 49765 - compiler warning
- Ticket 49689 - Cockpit subpackage does not build in PREFIX installations
- Ticket 49765 - Async operations can hang when the server is running nunc-stans
- Ticket 49745 - UI add filter options for error log severity levels
- Ticket 49761 - Fix test suite issues
- Ticket 49754 - instances created with dscreate can not be upgraded with setup-ds.pl
- Ticket 47902 - UI - add continuous refresh log feature
- Ticket 49381 - Add docstrings to plugin test suites - Part 1
- Ticket 49646 - Improve TLS cert processing in lib389 CLI
- Ticket 49748 - Passthru plugin startTLS option not working
- Ticket 49732 - Optimize resource limit checking for rootdn issued searches
- Ticket 48377 - Bundle jemalloc
- Ticket 49736 - Hardening of active connection list
- Ticket 48184 - clean up and delete connections at shutdown (3rd)
- Ticket 49675 - Revise coverity fix
- Ticket 49333 - Do not remove versioned man pages
- Ticket 49683 - Add support for JSON option in lib389 CLI tools
- Ticket 49704 - Error log from the installer is concatenating all lines into one
- Ticket 49726 - DS only accepts RSA and Fortezza cipher families
- Ticket 49722 - Errors log full of " WARN - keys2idl - recieved NULL idl from
index_read_ext_allids, treating as empty set" messages
- Ticket 49582 - Add py3 support to memberof_plugin test suite
- Ticket 49675 - Fix coverity issues
- Ticket 49576 - Add support of ";deletedattribute" in ds-replcheck
- Ticket 49706 - Finish UI patternfly convertions
- Ticket 49684 - AC_PROG_CC clobbers CFLAGS set by --enable-debug
- Ticket 49678 - organiSational vs organiZational spelling in lib389
- Ticket 49689 - Fix local "make install" after adding cockpit subpackage
- Ticket 49689 - Move Cockpit UI plugin to a subpackage
- Ticket 49679 - Missing nunc-stans documentation and doxygen warnings
- Ticket 49588 - Add py3 support for tickets : part-1
- Ticket 49576 - Update ds-replcheck for new conflict entries
- Ticket 48184 - clean up and delete connections at shutdown (2nd try)
- Ticket 49698 - Remove unneeded patternfly files from Cockpit package
- Ticket 49581 - Fix dynamic plugins test suite
- Ticket 49665 - remove obsoleted upgrade scripts
- Ticket 49693 - A DB_DEADLOCK while adding a tombstone (RUV) leads to access of an
already freed entry
- Ticket 49696 - replicated operations should be serialized
- Ticket 49669 - Invalid cachemem size can crash the server during a restore
- Ticket 49684 - AC_PROG_CC clobbers CFLAGS set by --enable-debug
- Ticket 49685 - make clean fails if cargo is not installed
- Ticket 49106 - Move ds_* scripts to libexec
- Ticket 49657 - Fix cascading replication scenario in lib389 API
- Ticket 49671 - Readonly replicas should not write internal ops to changelog
- Ticket 49673 - nsslapd-cachememsize can't be set to a value bigger than MAX_INT
- Ticket 49519 - Convert Cockpit UI to use strictly patternfly stylesheets
- Ticket 49665 - Upgrade script doesn't enable CRYPT password storage plug-in
- Ticket 49665 - Upgrade script doesn't enable PBKDF2 password storage plug-in
* Tue May 15 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.9-2
- Bump version to 1.4.0.9-2
- Add openssl-perl requirement for new python installer
* Tue May 8 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.9-1
- Bump version to 1.4.0.9
- Ticket 49661 - CVE-2018-1089 - Crash from long search filter
- Ticket 49652 - DENY aci's are not handled properly
- Ticket 49650 - lib389 enable_tls doesn't work on F28
- Ticket 49538 - replace cacertdir_rehash with openssl rehash
- Ticket 49406 - Port backend_test.py test to DSLdapObject implementation
- Ticket 49649 - Use reentrant crypt_r()
- Ticket 49642 - lib389 should generate a more complex password
- Ticket 49612 - lib389 remove_ds_instance() does not remove systemd units
- Ticket 49644 - crash in debug build
* Mon Apr 30 2018 Pete Walter <pwalter(a)fedoraproject.org> - 1.4.0.8-1.1
- Rebuild for ICU 61.1
* Thu Apr 19 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.8-1
- Bump version to 1.4.0.8-1
- Ticket 49639 - Crash when failing to read from SASL conn
- Ticket 49109 - nsDS5ReplicaTransportInfo should accept StartTLS as an option
- Ticket 49586 - Add py3 support to plugins test suite
- Ticket 49511 - memory leak in pwdhash
* Mon Apr 16 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.7-2
- Bump version to 1.4.0.7-2
- Fix the devel srvcore requirements
* Fri Apr 13 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.7-1
- Bump version to 1.4.0.7
- Ticket 49477 - Missing pbkdf python
- Ticket 49552 - Fix the last of the build issues on F28/29
- Ticket 49522 - Fix build issues on F28
- Ticket 49631 - same csn generated twice
- Ticket 49585 - Add py3 support to password test suite : part-3
- Ticket 49585 - Add py3 support to password test suite : part-2
- Ticket 48184 - revert previous patch around unuc-stans shutdown crash
- Ticket 49585 - Add py3 support to password test suite
- Ticket 46918 - Fix compiler warnings on arm
- Ticket 49601 - Replace HAVE_SYSTEMD define with WITH_SYSTEMD in svrcore
- Ticket 49619 - adjustment of csn_generator can fail so next generated csn can be equal
to the most recent one received
- Ticket 49608 - Add support for gcc/clang sanitizers
- Ticket 49606 - Improve lib389 documentation
- Ticket 49552 - Fix build issues on F28
- Ticket 49603 - 389-ds-base package rebuilt on EPEL can't be installed due to missing
dependencies
- Ticket 49593 - NDN cache stats should be under the global stats
- Ticket 49599 - Revise replication total init status messages
- Ticket 49596 - repl-monitor.pl fails to find db tombstone/RUV entry
- Ticket 49589 - merge svrcore into 389-ds-base
- Ticket 49560 - Add a test case for extract-pemfiles
- Ticket 49239 - Add a test suite for ds-replcheck tool RFE
- Ticket 49369 - merge svrcore into 389-ds-base
* Thu Mar 29 2018 Till Maas <opensource(a)till.name> - 1.4.0.6-3
- Remove BR on tcp_wrappers (
https://bugzilla.redhat.com/show_bug.cgi?id=1518749)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-201ffffa3e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------