--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-6214f75764
2019-10-25 16:59:13.269313
--------------------------------------------------------------------------------
Name : 389-ds-base
Product : Fedora 30
Version : 1.4.1.8
Release : 4.fc30
URL :
https://www.port389.org
Summary : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.
--------------------------------------------------------------------------------
Update Information:
Bump version to 1.4.1.8-4
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.1.8-4
- Bump version to 1.4.1.8-4
- Remove perl filter provides/requires as its causes more regressions
* Fri Sep 27 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.1.8-3
- Bump version to 1.4.1.8-3
- Fix perl filter provides/requires
* Thu Sep 26 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.1.8-2
- Bump version to 1.4.1.8-2
- Revert perl filter as it broke legacy tools
* Thu Sep 26 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.1.8-1
- Bump version to 1.4.1.8
- Issue 50545 - Port repl-monitor.pl to lib389 CLI
- Issue 50620 - Fix regressions from 50506 (slapi_enry_attr_get_ref)
* Tue Sep 17 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.1.7-1
- Bump version to 1.4.1.7
- Issue 50581 - ns-slapd crashes during ldapi search
- Issue 50604 - Fix UI validation
- Issue 50593 - Investigate URP handling on standalone instance
- Issue 50506 - Fix regression for relication stripattrs
- Issue 50546 - fix more UI issues(part 2)
- Issue 50546 - fix more UI issues
- Issue 50546 - Fix various issues in UI
- Issue 50576 - Same proc uid/gid maps to rootdn for ldapi sasl
- Issue 50567, 50568 - strict host check disable and display container version
- Issue 50550 - DS installer debug messages leaking to ipa-server-install
- Issue 50545 - Port fixup-memberuid and add the functionality to CLI and UI
- Issue 50572 - After running cl-dump dbdir/cldb/*ldif.done are not deleted
- Issue 50578 - Add SKIP_AUDIT_CI flag for Cockpit builds
- Issue 50349 - filter schema validation
- Issue 48055 - CI test-(Plugin configuration should throw proper error messages if not
configured properly)
- Issue 49324 - idl_new fix assert
- Issue 50564 - Fix rust libraries by default and improve docker
- Issue 50206 - Refactor lock, unlock and status of dsidm account/role
- Issue 49324 - idl_new report index name in error conditions
- Issue 49761 - Fix CI test suite issues
- Issue 50506 - Fix regression from slapi_entry_attr_get_ref refactor
- Issue 50499 - Audit fix - Update npm 'eslint-utils' version
- Issue 49624 - modrdn silently fails if DB deadlock occurs
- Issue 50542 - fix crash in filter tests
- Issue 49761 - Fix CI test suite issues
- Issue 50542 - Entry cache contention during base search
- Issue 50462 - Fix CI tests
- Issue 50490 - objects and memory leaks
- Issue 50538 - Move CI test to individual file
- Issue 50538 - cleanAllRUV task limit is not enforced for replicated tasks
- Issue 50536 - Audit log heading written to log after every update
- Issue 50525 - nsslapd-defaultnamingcontext does not change when the assigned suffix gets
deleted
- Issue 50534 - CLI change schema edit subcommand to replace
- Issue 50506 - cont Fix invalid frees from pointer reference calls
- Issue 50507 - Fix Cockpit UI styling for PF4
- Issue 48851 - investigate and port TET matching rules filter tests(indexing final)
- Issue 48851 - Add more test cases to the match test suite(mode replace)
- Issue 50530 - Directory Server not RFC 4511 compliant with requested attr
"1.1"
- Issue 50529 - LDAP server returning PWP controls in different sequence
- Issue 50506 - Fix invalid frees from pointer reference calls.
- Issue 50506 - Replace slapi_entry_attr_get_charptr() with slapi_entry_attr_get_ref()
- Issue 50521 - Add regressions in CI tests
- Issue 50510 - etime can contain invalid nanosecond value
- Issue 50488 - Create a monitor for disk space usagedisk-space-mon
- Issue 50511 - lib389 PosixGroups type can not handle rdn properly
- Issue 50508 - UI - fix local password policy form
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
1.4.1.6-1.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jul 19 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.1.6-1
- Bump version to 1.4.1.6
- Issue 50355 - SSL version min and max not correctly applied
- Issue 50497 - Port cl-dump.pl tool to Python using lib389
- Issue 48851 - investigate and port TET matching rules filter tests(Final)
- Issue 50417 - fix regression from previous commit
- Issue 50425 - Add jemalloc LD_PRELOAD to systemd drop-in file
- Issue 50325 - Add Security tab to UI
- Issue 49789 - By default, do not manage unhashed password
- Issue 49421 - Implement password hash upgrade on bind.
- Issue 49421 - on bind password upgrade proof of concept
- Issue 50493 - connection_is_free to trylock
- Issue 50459 - Correct issue with allocation state
- Issue 50499 - Fix audit issues and remove jquery from the whitelist
- Issue 50459 - c_mutex to use pthread_mutex to allow ns sharing
- Issue 50484 - Add a release build dockerfile and dscontainer improvements
- Issue 50486 - Update jemalloc to 5.2.0
* Mon Jul 8 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.1.5-1
- Bump version to 1.4.1.5
- Issue 50431 - Fix regression from coverity fix (crash in memberOf plugin)
- Issue 49239 - Add a new CI test case
- Issue 49997 - Add a new CI test case
- Issue 50177 - Add a new CI test case, also added fixes in lib389
- Issue 49761 - Fix CI test suite issues
- Issue 50474 - Unify result codes for add and modify of repl5 config
- Issue 50472 - memory leak with encryption
- Issue 50462 - Fix Root DN access control plugin CI tests
- Issue 50462 - Fix CI tests
- Issue 50217 - Implement dsconf security section
- Issue 48851 - Add more test cases to the match test suite.
- Issue 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients
- Issue 50439 - fix waitpid issue when pid does not exist
- Issue 50454 - Fix Cockpit UI branding
- Issue 48851 - investigate and port TET matching rules filter tests(index)
- Issue 49232 - Truncate the message when buffer capacity is exceeded
* Tue Jun 18 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.1.4-1
- Bump version to 1.4.1.4
- Issue 49361 - Use IPv6 friendly network functions
- Issue 48851 - Investigate and port TET matching rules filter tests(bug772777)
- Issue 50446 - NameError: name 'ds_is_older' is not defined
- Issue 49602 - Revise replication status messages
- Issue 50439 - Update docker integration to work out of source directory
- Issue 50037 - revert path changes as it breaks prefix/rpm builds
- Issue 50431 - Fix regression from coverity fix
- Issue 50370 - CleanAllRUV task crashing during server shutdown
- Issue 48851 - investigate and port TET matching rules filter tests(match)
- Issue 50417 - Fix missing quote in some legacy tools
- Issue 50431 - Fix covscan warnings
- Revert "Issue 49960 - Core schema contains strings instead of numer oids"
- Issue 50426 - nsSSL3Ciphers is limited to 1024 characters
- Issue 50052 - Fix rpm.mk according to audit-ci change
- Issue 50365 - PIDFile= references path below legacy directory /var/run/
- Issue 50428 - Log the actual base DN when the search fails with "invalid attribute
request"
- Issue 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to
TLS
- Issue 50417 - Revise legacy tool scripts to work with new systemd changes
- Issue 48851 - Add more search filters to vfilter_simple test suite
- Issue 49761 - Fix CI test suite issues
- Issue 49875 - Move SystemD service config to a drop-in file
- Issue 50413 - ds-replcheck - Always display the Result Summary
- Issue 50052 - Add package-lock.json and use "npm ci"
- Issue 48851 - investigate and port TET matching rules filter tests(vfilter simple)
- Issue 50355 - NSS can change the requested SSL min and max versions
- Issue 48851 - investigate and port TET matching rules filter tests(vfilter_ld)
- Issue 50390 - Add Managed Entries Plug-in Config Entry schema
- Issue 49730 - Remove unused Mozilla ldapsdk variables
* Fri May 24 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.1.3-1
- Bump version to 1.4.1.3
- Issue 49761 - Fix CI test suite issues
- Issue 50041 - Add the rest UI Plugin tabs - Part 2
- Issue 50340 - 2nd try - structs for diabled plugins will not be freed
- Issue 50403 - Instance creation fails on 1.3.9 using perl utils and latest lib389
- Issue 50389 - ns-slapd craches while two threads are polling the same connection
- Issue 48851 - investigate and port TET matching rules filter tests(scanlimit)
- Issue 50037 - lib389 fails to install in venv under non-root user
- Issue 50112 - Port ACI test suit from TET to python3(userattr)
- Issue 50393 - maxlogsperdir accepting negative values
- Issue 50112 - Port ACI test suit from TET to python3(roledn)
- Issue 49960 - Core schema contains strings instead of numer oids
- Issue 50396 - Crash in PAM plugin when user does not exist
- Issue 50387 - enable_tls() should label ports with ldap_port_t
- Issue 50390 - Add Managed Entries Plug-in Config Entry schema
- Issue 50306 - Fix regression with maxbersize
- Issue 50384 - Missing dependency: cracklib-dicts
- Issue 49029 - [RFE] improve internal operations logging
- Issue 49761 - Fix CI test suite issues
- Issue 50374 - dsdim posixgroup create fails with ERROR
- Issue 50251 - clear text passwords visable in CLI verbose mode logging
- Issue 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients
- Issue 48851 - investigate and port TET matching rules filter tests
- Issue 50220 - attr_encryption test suite failing
- Issue 50370 - CleanAllRUV task crashing during server shutdown
- Issue 50340 - structs for disabled plugins will not be freed
- Issue 50164 - Add test for dscreate to basic test suite
- Issue 50363 - ds-replcheck incorrectly reports error out of order multi-valued
attributes
- Issue 49730 - MozLDAP bindings have been unsupported for a while
- Issue 50353 - Categorize tests by tiers
- Issue 50303 - Add creation date to task data
- Issue 50358 - Create a Bitwise Plugin class in plugins.py
- Remove the nss3 path prefix from the cert.h C preprocessor source file inclusion
- Issue 50329 - revert fix
- Issue 50112 - Port ACI test suit from TET to python3(keyaci)
- Issue 50344 - tidy rpm vs build systemd flag handling
- Issue 50067 - Fix krb5 dependency in a specfile
- Issue 50340 - structs for diabled plugins will not be freed
- Issue 50327 - Add replication conflict support to UI
- Issue 50327 - Add replication conflict entry support to lib389/CLI
- Issue 50329 - improve connection default parameters
- Issue 50313 - Add a NestedRole type to lib389
- Issue 50112 - Port ACI test suit from TET to python3(Delete and Add)
- Issue 49390, 50019 - support cn=config compare operations
- Issue 50041 - Add the rest UI Plugin tabs - Part 1
- Issue 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS
- Issue 49990 - Increase the default FD limits
- Issue 50306 - (cont typo) Move connection config inside struct
- Issue 50291 - Add monitor tab functionality to Cockpit UI
- Issue 50317 - fix ds-backtrace issue on latest gdb
- Issue 50305 - Revise CleanAllRUV task restart process
- Issue 49915 - Fix typo
- Issue 50026 - Audit log does not capture the operation where nsslapd-lookthroughlimit is
modified
- Issue 49899 - fix pin.txt and pwdfile permissions
- Issue 49915 - Add regression test
- Issue 50303 - Add task creation date to task data
- Issue 50306 - Move connection config inside struct
- Issue 50240 - Improve task logging
- Issue 50032 - Fix deprecation warnings in tests
- Issue 50310 - fix sasl header include
- Issue 49390 - improve compare and cn=config compare tests
* Wed Apr 3 2019 Adam Williamson <awilliam(a)redhat.com> - 1.4.1.2-3
- Rebuild without changes to be newer than 1.4.1.2-1 (see #1694990)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-6214f75764' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------