--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-01a5328b48
2019-11-11 17:39:30.878712
--------------------------------------------------------------------------------
Name : 389-ds-base
Product : Fedora 29
Version : 1.4.0.30
Release : 1.fc29
URL :
https://www.port389.org
Summary : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.
--------------------------------------------------------------------------------
Update Information:
Bump version to 1.4.0.30
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.30-1
- Bump version to 1.4.0.30
- Issue 50592 - Fix cherry-pick error
* Fri Nov 1 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.29-1
- Bump version to 1.4.0.29
- Issue 50592 - Port Replication Tab to ReactJS
- Issue 50067 - Fix krb5 dependency in a specfile
- Issue 50545 - Port repl-monitor.pl to lib389 CLI
- Issue 50497 - Port cl-dump.pl tool to Python using lib389
- Issue 49850 - cont -fix crash in ldbm_non_leaf
- Issue 50634 - Clean up CLI errors output - Fix wrong exception
- Issue 50634 - Clean up CLI errors output
- Issue 49850 - ldbm_get_nonleaf_ids() slow for databases with many non-leaf entries
- Issue 50655 - access log etime is not properly formatted
- Issue 50653 - objectclass parsing fails to log error message text
- Issue 50646 - Improve task handling during shutdowns
- Issue 50622 - ds_selinux_enabled may crash on suse
* Tue Sep 17 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.28-1
- Bump version to 1.4.0.28
- Issue 50581 - ns-slapd crashes during ldapi search
- Issue 50499 - Audit fix - Update npm 'eslint-utils' version
- Issue 49624 - modrdn silently fails if DB deadlock occurs
- Issue 50542 - Fix crash in filter tests
- Issue 49232 - Truncate the message when buffer capacity is exceeded
- Issue 50542 - Entry cache contention during base search
- Issue 50538 - cleanAllRUV task limit is not enforced for replicated tasks
- Issue 50536 - Audit log heading written to log after every update
- Issue 50525 - nsslapd-defaultnamingcontext does not change when the assigned suffix gets
deleted
- Issue 50534 - CLI change schema edit subcommand to replace
- Issue 50534 - backport UI schema editing fix
* Tue Aug 6 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.27-1
- Bump version to 1.4.0.27
- Issue 50208 - make instances mark off based on dse.ldif not sysconfig
- Issue 50530 - Directory Server not RFC 4511 compliant with requested attr
"1.1"
- Issue 50529 - LDAP server returning PWP controls in different sequence
- Issue 50508 - UI - fix local password policy form
* Fri Jul 19 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.26-1
- Bump version to 1.4.0.26
- Issue 50499 - Fix audit issues and remove jquery from the whitelist
- Issue 50355 - SSL version min and max not correctly applied
- Issue 50325 - Add Security tab to UI
- Issue 50177 - Add a new CI test case, also added fixes in lib389
* Mon Jul 8 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.25-1
- Bump version to 1.4.0.25
- Issue 50431 - Fix regression from coverity fix
* Tue Jun 25 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.24-1
- Bump version to 1.4.0.24
- Issue 50052 - Fix rpm.mk according to audit-ci change
- Issue 50276 - 389-ds-console is not built on RHEL8 if cockpit_dist is already present
- Issue 50041 - Add the rest UI Plugin tabs - Part 1
- Issue 50217 - Implement dsconf security section
- Issue 49602 - Revise replication status messages
- Issue 50431 - Fix regression from coverity fix
- Issue 50431 - Fix covscan warnings
- Issue 50426 - nsSSL3Ciphers is limited to 1024 characters
- Issue 50428 - Log the actual base DN when the search fails with "invalid attribute
request"
- Issue 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to
TLS
- Issue 50413 - ds-replcheck - Always display the Result Summary
- Issue 50355 - NSS can change the requested SSL min and max versions
* Fri May 24 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.23-1
- Ticket 50041 - Add the rest UI Plugin tabs - Part 2
- Ticket 50340 - 2nd try - structs for diabled plugins will not be freed
- Ticket 50393 - maxlogsperdir accepting negative values
- Ticket 50396 - Crash in PAM plugin when user does not exist
- Ticket 50390 - Add Managed Entries Plug-in Config Entry schema
- Ticket 50251 - clear text passwords visable in CLI verbose mode logging
- Ticket 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients
- Ticket 50370 - CleanAllRUV task crashing during server shutdown
- Ticket 50340 - structs for disabled plugins will not be freed
- Ticket 50363 - ds-replcheck incorrectly reports error out of order multi-valued
attributes
- Ticket 50329 - revert fix
- Ticket 50340 - structs for diabled plugins will not be freed
- Ticket 50327 - Add replication conflict support to UI
- Ticket 50327 - Add replication conflict entry support to lib389/CLI
- Ticket 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS
- Ticket 49990 - Increase the default FD limits
- Ticket 50291 - Add monitor tab functionality to Cockpit UI
- Ticket 50305 - Revise CleanAllRUV task restart process
- Ticket 50303 - Add task creation date to task data
- Ticket 50240 - Improve task logging
* Fri Mar 29 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.22-1
- Bump version to 1.4.0.22
- Ticket 50308 - Revise memory leak fix
- Ticket 50308 - Fix memory leaks for repeat binds and replication
- Ticket 49873 - (cont 3rd) cleanup debug log
- Ticket 49873 - (cont 2nd) Contention on virtual attribute lookup
- Ticket 50292 - Fix Plugin CLI and UI issues
- Ticket 50289 - Fix various database UI issues
- Ticket 50300 - Fix memory leak in automember plugin
- Ticket 50265 - the warning about skew time could last forever
- Ticket 50260 - Invalid cache flushing improvements
- Ticket 49561 - MEP plugin, upon direct op failure, will delete twice the same managed
entry
- Ticket 50077 - Do not automatically turn automember postop modifies on
- Ticket 50282 - OPERATIONS ERROR when trying to delete a group with automember members
- Ticket 49873 - (cont) Contention on virtual attribute lookup
- Ticket 50260 - backend txn plugins can corrupt entry cache
- Ticket 50041 - Add CLI functionality for special plugins
- Ticket 50273 - reduce default replicaton agmt timeout
- Ticket 50234 - one level search returns not matching entry
- Ticket 50232 - export creates not importable ldif file
- Ticket 50215 - UI - implement Database Tab in reachJS
- Ticket 50238 - Failed modrdn can corrupt entry cache
- Ticket 50236 - memberOf should be more robust
- Ticket 50151 - lib389 support cli add/replace/delete on objects
- Ticket 50155 - password history check has no way to just check the current password
- Ticket 49873 - Contention on virtual attribute lookup
- Ticket 49658 - In replicated topology a single-valued attribute can diverge
- Ticket 50177 - import task should not be deleted too rapidely after import finishes to
be able to query the status
- Ticket 50165 - Fix issues with dscreate
* Thu Jan 31 2019 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.21-1
- Bump version to 1.4.0.21
- Ticket 50041 - CLI and WebUI - Add memberOf plugin functionality
- Ticket 50079 `Fix for ticket 50059: If an object is nsds5replica, it must be
cn=replica`
- Ticket 50125 - perl fix ups for tmpfiles
- Ticket 50164 - Add test for dscreate
- Ticket 50059: If an object is nsds5replica, it must be cn=replica
- Ticket 50169 - lib389 changed hardcoded systemctl path
- Ticket 50165 - Fix dscreate issues
- Ticket 50152 - Replace os.getenv('HOME') with os.path.expanduser
- Fix compiler warning in snmp main()
- Fix compiler warning in init.c
- Ticket 49540 - FIx compiler warning in ldif2ldbm
- Ticket 50077 - Fix compiler warnings in automember rebuild task
- Ticket 49972 - use-after-free in case of several parallel krb authentication
- Ticket 50161 - Fixed some descriptions in "dsconf backend --help"
- Ticket 50153 - Increase default max logs
- Ticket 50123 - with_tmpfiles_d is associated to systemd
- Ticket 49984 - python installer add option to create suffix entry
- Ticket 50077 - RFE - improve automember plugin to work with modify ops
- Ticket 50136 - Allow resetting passwords on the CLI
- Ticket 49994 - Adjust dsconf backend usage
- Ticket 50138 - db2bak.pl -P LDAPS does not work when nsslapd-securePort is missing
- Ticket 50122 - Fix incorrect path spec
- Ticket 50145 - Add a verbose option to the backup tools
- Ticket 50056 - dsctl db2ldif throws an exception
- Ticket 50078 - cannot add cenotaph in read only consumer
- Ticket 50126 - Incorrect usage of sudo in test
- Ticket 50130 - Building RPMs on RHEL8 fails
- Ticket 50134 - fixup-memberof.pl does not respect protocol requested
- Ticket 50122 - Selinux test for presence
- Ticket 50101 - Port fourwaymmr Test TET suit to python3
- Ticket 50091 - shadowWarning is not generated if passwordWarning is lower than 86400
seconds (1 day).
- Ticket 50128 - NS Stress fails without ipv6
- Ticket 49618 - Set nsslapd-cachememsize to custom value
- Ticket 50117 - after certain failed import operation, impossible to replay an import
operation
- Ticket 49999 - rpm.mk dist-bz2 should clean cockpit_dist first
- Ticket 48064 - Fix various issues in disk monitoring test suite
- Ticket 49938 - lib389 - Clean up CLI logging
- Ticket 49761 - Fix CI test suite issues
- Ticket 50056 - Fix UI bugs (part 2)
- Ticket 48064 - CI test - disk_monitoring
- Ticket 50099 - extend error messages
- Ticket 50099 - In FIPS mode, the server can select an unsupported password storage
scheme
- Ticket 50041 - Add basic plugin UI/CLI wrappers
- Ticket 50082 - Port state test suite
- Ticket 49574 - remove index subsystem
- Ticket 49588 - Add py3 support for tickets : part-5
- Ticket 50095 - cleanup deprecated key.h includes
* Fri Dec 14 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.20-1
- Bump version to 1.4.0.20
- Ticket 49994 - Add test for backend/suffix CLI functions
- Ticket 50090 - refactor fetch_attr() to slapi_fetch_attr()
- Ticket 50091 - shadowWarning is not generated if passwordWarning is lower than 86400
seconds (1 day)
- Ticket 50056 - Fix CLI/UI bugs
- Ticket 49864 - Revised replication status messages for transient errors
- Ticket 50071 - Set ports in local_simple_allocate function
- Ticket 50065 - lib389 aci parsing is too strict
- Ticket 50061 - Improve schema loading in UI
- Ticket 50063 - Crash after attempting to restore a single backend
- Ticket 50062 - Replace error by warning in the state machine defined in repl5_inc_run
- Ticket 50041 - Set the React dataflow foundation and add basic plugin UI
- Ticket 50028 - Revise ds-replcheck usage
- TIcket 50057 - Pass argument into hashtable_new
- Ticket 50053 - improve testcase
- Ticket 50053 - Subtree password policy overrides a user-defined password policy
- Ticket 49974 - lib389 - List instances with initconfig_dir instead of sysconf_dir
- Ticket 49984 - Add an empty domain creation to the dscreate
- Ticket 49950 - PassSync not setting pwdLastSet attribute in Active Directory after Pw
update from LDAP sync for normal user
- Ticket 50046 - Remove irrelevant debug-log messages from CLI tools
- Ticket 50022, 50012, 49956, and 49800: Various dsctl/dscreate fixes
- Ticket 49927 - dsctl db2index does not work
- Ticket 49814 - dscreate should handle selinux ports that are in a range
- Ticket 49543 - fix certmap dn comparison
- Ticket 49994 - comment out dev paths
- Ticket 49994 - Add backend features to CLI
- Ticket 48081 - Add new CI tests for password
* Thu Nov 1 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.19-1
- Bump version to 1.4.0.19
- Ticket 50026 - audit logs does not capture the operation where nsslapd-lookthroughlimit
is modified
- Ticket 50020 - during MODRDN referential integrity can fail erronously while updating
large groups
- Ticket 49999 - Finish up the transfer to React
- Ticket 50004 - lib389 - improve X-ORIGIN schema parsing
- Ticket 50013 - Log warn instead of ERR when aci target does not exist.
- Ticket 49975 - followup for broken prefix deployment
- Ticket 49999 - Add dist-bz2 target for Koji build system
- Ticket 49814 - Add specfile requirements for python3-libselinux
- Ticket 49814 - Add specfile requirements for python3-selinux
- Ticket 49999 - Integrate React structure into cockpit-389-ds
- Ticket 49995 - Fix Tickets with internal op logging
- Ticket 49997 - RFE: ds-replcheck could validate suffix exists and it's replicated
- Ticket 49985 - memberof may silently fails to update a member
- Ticket 49967 - entry cache corruption after failed MODRDN
- Ticket 49975 - Add missing include file to main.c
- Ticket 49814 - skip standard ports for selinux labelling
- Ticket 49814 - dscreate should set the port selinux labels
- Ticket 49856 - Remove backend option from bak2db
- Ticket 49926 - Fix various Tickets with replication UI
- Ticket 49975 - SUSE rpmlint Tickets
- Ticket 49939 - Fix ldapi path in lib389
- Ticket 49978 - Add CLI logging function for UI
- Ticket 49929 - Modifications required for the Test Case Management System
- Ticket 49979 - Fix regression in last commit
- Ticket 49979 - Remove dirsrv tests subpackage
- Ticket 49928 - Fix various small WebUI schema Tickets
- Ticket 49926 - UI - comment out dev cli patchs
- Ticket 49926 - Add replication functionality to UI
* Wed Oct 10 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.18-1
- Bump version to 1.4.0.18
- Ticket 49968 - Confusing CRITICAL message: list_candidates - NULL idl was recieved from
filter_candidates_ext
- Ticket 49946 - upgrade of 389-ds-base could remove replication agreements.
- Ticket 49969 - DOS caused by malformed search operation (part 2)
* Tue Oct 9 2018 Mark Reynolds <mreynolds(a)redhat.com> - 1.4.0.17-2
- Bump version to 1.4.0.17-2
- Ticket 49969 - DOS caused by malformed search operation (security fix)
- Ticket 49943 - rfc3673_all_oper_attrs_test is not strict enough
- Ticket 49915 - Master ns-slapd had 100% CPU usage after starting replication and
replication cannot finish
- Ticket 49963 - ASAN build fails on F28
- Ticket 49947 - Coverity Fixes
- Ticket 49958 - extended search fail to match entries
- Ticket 49928 - WebUI schema functionality and improve CLI part
- Ticket 49954 - On s390x arch retrieved DB page size is stored as size_t rather than
uint32_t
- Ticket 49928 - Refactor and improve schema CLI/lib389 part to DSLdapObject
- Ticket 49926 - Fix replication tests on 1.3.x
- Ticket 49926 - Add replication functionality to dsconf
- Ticket 49887 - Clean up thread local usage
- Ticket 49937 - Log buffer exceeded emergency logging msg is not thread-safe (security
fix)
- Ticket 49866 - fix typo in cos template in pwpolicy subtree create
- Ticket 49930 - Correction of the existing fixture function names to remove test_ prefix
- Ticket 49932 - Crash in delete_passwdPolicy when persistent search connections are
terminated unexpectedly
- Ticket 48053 - Add attribute encryption test cases
- Ticket 49866 - Refactor PwPolicy lib389/CLI module
- Ticket 49877 - Add log level functionality to UI
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-01a5328b48' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------