File 389-ds.changes of Package 389-ds.11727

-------------------------------------------------------------------
Fri Aug  9 02:15:50 UTC 2019 - William Brown <william.brown@suse.com>

- Update specfile to be inline with the OpenSUSE spec file
  * include future-configurations in the spec which are not active until 15.2
    * lib389 (upstream requirement from 1.4.0)
    * rust (upstream requirement from 1.4.2)
    * removal of perl (upstream has not supported perl in any 1.4.x release)
  * resolve missing svrcore obsoletes statement and pkg configuration
    (bsc#1144797)

-------------------------------------------------------------------
Thu Aug 01 04:19:39 UTC 2019 - 389-ds-maintainer@suse.de

- Update to version 1.4.0.26~git0.8a2d3de6f:
  * Bump version to 1.4.0.26
  * Issue 50499 - Fix audit issues and remove jquery from the whitelist
  * Issue 50355 - SSL version min and max not correctly applied
  * Issue 50325 - Add Security tab to UI
  * Issue 50177 - Add a new CI test case, also added fixes in lib389
  * Bump version to 1.4.0.25
  * Issue 50431 - Fix regression from coverity fix
  * Bump version to 389-ds-base-1.4.0.24
  * Fix cherry-pick error from last commit
  * Issue 50052 - Fix rpm.mk according to audit-ci change
  * Issue 50276 - 389-ds-console is not built on RHEL8 if cockpit_dist is already present
  * Issue 50041 - Add the rest UI Plugin tabs - Part 1
  * Ticket 50217 -  Implement dsconf security section
  * Issue 49602 - Revise replication status messages
  * Issue 50431 - Fix regression from coverity fix
  * Ticket 50431 - Fix covscan warnings
  * Issue 50426 - nsSSL3Ciphers is limited to 1024 characters
  * Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request"
  * Ticket 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to TLS
  * Ticket 50413 - ds-replcheck - Always display the Result Summary
  * Ticket 50355 -  NSS can change the requested SSL min and max versions
  * Bump version to 1.4.0.23
  * Issue 50041 - Add the rest UI Plugin tabs - Part 2
  * Ticket 50340 - 2nd try - structs for diabled plugins will not be freed
  * Ticket 50393 - maxlogsperdir accepting negative values
  * Ticket 50396 - Crash in PAM plugin when user does not exist
  * Issue 50390 - Add Managed Entries Plug-in Config Entry schema
  * Ticket 50251 - clear text passwords visable in CLI verbose mode logging
  * Ticket 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients
  * Ticket 50370 -  CleanAllRUV task crashing during server shutdown
  * Ticket 50340 cont - structs for disabled plugins will not be freed
  * Ticket 50363 - ds-replcheck incorrectly reports error out of order multi-valued attributes
  * Ticket 50329 - revert fix
  * Ticket 50340 - structs for diabled plugins will not be freed
  * Ticket 50327 - Add replication conflict support to UI
  * Ticket 50327 - Add replication conflict entry support to lib389/CLI
  * Ticket 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS
  * Ticket 49990 - Increase the default FD limits
  * Ticket 50291 - Add monitor tab functionality to Cockpit UI
  * Fix cockpit console AppStream data
  * Ticket 50305 - Revise CleanAllRUV task restart process
  * Ticket 50303 - Add task creation date to task data
  * Ticket 50240 - Improve task logging


-------------------------------------------------------------------
Tue Apr 16 01:19:05 UTC 2019 - 389-ds-maintainer@suse.de

- Update to version 1.4.0.22~git0.9d84a40dd:
  * Bump version to 1.4.0.22 which resolves:
    * (bsc#1120189)
    * (bsc#991201, CVE-2016-5416)
    * (bsc#1083689, CVE-2018-1054)
    * (bsc#1092187, CVE-2018-1089)
    * (bsc#1099465, CVE-2018-10871)
    * (bsc#1108674, CVE-2018-14638)
    * (bsc#1109609, CVE-2018-14648)
    * (bsc#1132385, CVE-2019-3883)
    * (bsc#1105606, CVE-2018-10935)
  * Ticket 50308 - Revise memory leak fix
  * Ticket 50308 - Fix memory leaks for repeat binds and replication
  * Ticket 49873 - (cont 3rd) cleanup debug log
  * Ticket 49873 - (cont 2nd) Contention on virtual attribute lookup
  * Issue 50292 - Fix Plugin CLI and UI issues
  * Ticket 50289 - Fix various database UI issues
  * Ticket 50300 - Fix memory leak in automember plugin
  * Ticket 50265: the warning about skew time could last forever
  * Ticket 50260 - Invalid cache flushing improvements
  * Remove obsolete patch 0001-init_fhs.patch
  * Remove obsolete patch 0002-use-python2-for-selinux-detection.patch
  * Remove obsolete patch 0003-fix-rm-non-existent-man-pages.patch
  * Remove obsolete patch simplify-lib389-setup-py.patch
  * Remove obsolete patch tw.patch
  * Remove obsolete patch 0006-under-network-load-ps-can-decrease-connection-refcnt.patch
  * Remove obsolete patch 0007-fix-remote-dos-via-search-filters-in-slapi_filter_sprintf.patch
  * Remove obsolete patch 0008-invalid-password-migration-causes-unauth-bind.patch
  * Remove obsolete patch 0009-ldapsearch-with-server-side-sort-crashes-the-server.patch
  * Remove obsolete patch 0010-Log-buffer-exceeded-emergency-logging-msg-is-not-thread-safe.patch

-------------------------------------------------------------------
Tue Sep 11 12:47:02 UTC 2018 - varkoly@suse.com

- Introduce patch:
  0010-Log-buffer-exceeded-emergency-logging-msg-is-not-thread-safe.patch 
  to fix the issue "389-ds: Server crash through modify command with large DN"
  (bsc#1106699, CVE-2018-14624)

-------------------------------------------------------------------
Wed Aug 22 13:26:15 UTC 2018 - varkoly@suse.com

- Introduce patch:
  0009-ldapsearch-with-server-side-sort-crashes-the-server.patch
  to fix the issue that ldapsearch with server side sort allows 
  users to cause a crash (bsc#1105606, CVE-2018-10935)

-------------------------------------------------------------------
Tue Jul 31 14:36:51 UTC 2018 - dakechi@suse.com

- Introduce patches:
 * 0006-under-network-load-ps-can-decrease-connection-refcnt.patch
   to fix the race condition on reference counter (bsc#1096368,
   CVE-2018-10850)
 * 0007-fix-remote-dos-via-search-filters-in-slapi_filter_sprintf.patch
   (bsc#1076530, CVE-2017-15134)
 * 0008-invalid-password-migration-causes-unauth-bind.patch
   (bsc#1076530, CVE-2017-15135)

-------------------------------------------------------------------
Mon Feb 19 13:01:04 UTC 2018 - hguo@suse.com

- Explicitly generate dirsrv sysconfig file as it is necessary for
  SLES 15 (bsc#1081324).

-------------------------------------------------------------------
Fri Feb  2 01:31:25 UTC 2018 - mrueckert@suse.de

- switch lib389 to use the python3-ldap subpackage

-------------------------------------------------------------------
Wed Jan 31 13:28:21 UTC 2018 - hguo@suse.com

- For SLES 15 schedule, do not build lib389 programmable extension
  for now.

-------------------------------------------------------------------
Wed Jan 31 11:13:17 UTC 2018 - dimstar@opensuse.org

- BuildRequire python3-ldap instead of python3-pyldap: pyldap is
  deprecated in favor of python-ldap.

-------------------------------------------------------------------
Tue Jan 30 14:19:15 UTC 2018 - hguo@suse.com

- Rename dependency package python-pyldap into python3-pyldap.

-------------------------------------------------------------------
Mon Jan 29 15:20:10 UTC 2018 - hguo@suse.com

- Correct name to dependency package "python-pyldap".

-------------------------------------------------------------------
Thu Jan 25 15:09:41 UTC 2018 - hguo@suse.com

- Introduce patch 0003-fix-rm-non-existent-man-pages.patch to remove
  a faulty rm statement from makefile.

-------------------------------------------------------------------
Sun Jan 14 02:59:15 UTC 2018 - mrueckert@suse.de

- add tw.patch to fix potential buffer overflow

-------------------------------------------------------------------
Tue Dec  5 14:45:57 UTC 2017 - rbrown@suse.com

- Replace references to /var/adm/fillup-templates with new 
  %_fillupdir macro (boo#1069468) 

-------------------------------------------------------------------
Mon Nov 20 22:34:46 UTC 2017 - mrueckert@suse.de

- added simplify-lib389-setup-py.patch
  seems the python3 setuptools on leap 42.3 do not like this fancy
  syntax. kill it and always use the python 3 way.

-------------------------------------------------------------------
Mon Nov 20 22:15:45 UTC 2017 - mrueckert@suse.de

- update to 1.4.0.3
  - Ticket 49457 - Fix spal_meminfo_get function prototype
  - Ticket 49455 - Add tests to monitor test suit.
  - Ticket 49448 - dynamic default pw scheme based on environment.
  - Ticket 49298 - fix complier warn
  - Ticket 49298 - Correct error codes with config restore.
  - Ticket 49454 - SSL Client Authentication breaks in FIPS mode
  - Ticket 49453 - passwd.py to use pwdhash defaults.
  - Ticket 49427 - whitespace in fedse.c
  - Ticket 49410 - opened connection can remain no longer poll,
    like hanging
  - Ticket 48118 - fix compiler warning for incorrect return type
  - Ticket 49451 - Add environment markers to lib389 dependencies
  - Ticket 49325 - Proof of concept rust tqueue in sds
  - Ticket 49443 - scope one searches in 1.3.7 give incorrect
    results
  - Ticket 48118 - At startup, changelog can be erronously rebuilt
    after a normal shutdown
  - Ticket 49412 - SIGSEV when setting invalid changelog config
    value
  - Ticket 49441 - Import crashes - oneline fix
  - Ticket 49377 - Incoming BER too large with TLS on plain port
  - Ticket 49441 - Import crashes with large indexed binary
    attributes
  - Ticket 49435 - Fix NS race condition on loaded test systems
  - Ticket 77 - lib389 - Refactor docstrings in rST format - part 2
  - Ticket 17 - lib389 - dsremove support
  - Ticket 3 - lib389 - python 3 compat for paged results test
  - Ticket 3 - lib389 - Python 3 support for memberof plugin test
    suit
  - Ticket 3 - lib389 - config test
  - Ticket 3 - lib389 - python 3 support ds_logs tests
  - Ticket 3 - lib389 - python 3 support for betxn test

-------------------------------------------------------------------
Sat Nov 11 00:53:42 UTC 2017 - mrueckert@suse.de

- we actually need pyldap

-------------------------------------------------------------------
Fri Nov 10 23:50:29 UTC 2017 - mrueckert@suse.de

- lib389 is merged into this tarball now. move the subpackage here.

-------------------------------------------------------------------
Fri Nov 10 22:45:23 UTC 2017 - mrueckert@suse.de

- update to 1.4.0.2
  - Ticket 48393 - fix copy and paste error
  - Ticket 49439 - cleanallruv is not logging information
  - Ticket 48393 - Improve replication config validation
  - Ticket lib389 3 - Python 3 support for ACL test suite
  - Ticket 103 - sysconfig not found
  - Ticket 49436 - double free in COS in some conditions
  - Ticket 48007 - CI test to test changelog trimming interval
  - Ticket 49424 - Resolve csiphash alignment issues
  - Ticket lib389 3 - Python 3 support for
    pwdPolicy_controls_test.py
  - Ticket 3 - python 3 support - filter test
  - Ticket 49434 - RPM build errors
  - Ticket 49432 - filter optimise crash
  - Ticket 49432 - Add complex fliter CI test
  - Ticket 48894 - harden valueset_array_to_sorted_quick valueset
    access
  - Ticket 49401 - Fix compiler incompatible-pointer-types warnings
  - Ticket 48681 - Use of uninitialized value in string ne at
    /usr/bin/logconv.pl
  - Ticket 49409 - Update lib389 requirements
  - Ticket 49401 - improve valueset sorted performance on delete
  - Ticket 49374 - server fails to start because maxdisksize is
    recognized incorrectly
  - Ticket 49408 - Server allows to set any nsds5replicaid in the
    existing replica entry
  - Ticket 49407 - status-dirsrv shows ellipsed lines
  - Ticket 48681 - Use of uninitialized value in string ne at
    /usr/bin/logconv.pl
  - Ticket 49386 - Memberof should be ignore MODRDN when the
    pre/post entry are identical
  - Ticket 48006 - Missing warning for invalid replica backoff
    configuration
  - Ticket 49064 - testcase hardening
  - Ticket 49064 - RFE allow to enable MemberOf plugin in dedicated
    consumer
  - Ticket lib389 3 - python 3 support
  - Ticket 49402 - Adding a database entry with the same database
    name that was deleted hangs server at shutdown
  - Ticket 48235 - remove memberof lock (cherry-pick error)
  - Ticket 49394 - build warning
  - Ticket 49381 - Refactor numerous suite docstrings - Part 2
  - Ticket 49394 - slapi_pblock_get may leave unchanged the
    provided variable
  - Ticket 49403 - tidy ns logging
  - Ticket 49381 - Refactor filter test suite docstrings
  - Ticket 48235 - Remove memberOf global lock
  - Ticket 103 - Make sysconfig where it is expected to exist
  - Ticket 49400 - Add clang support to rpm builds
  - Ticket 49381 - Refactor ACL test suite docstrings
  - Ticket 49363 - Merge lib389
  - Ticket 101 - BaseException.message has been deprecated in
    Python3
  - Ticket 102 - referral support
  - Ticket 99 - Fix typo in create_topology
  - Ticket #98 - Fix dbscan output
  - Ticket #77 - Fix changelogdb param issue
  - Ticket #77 - Refactor docstrings in rST format - part 1
  - Ticket 96 - Change binaries’ names
  - Ticket 77 - Add sphinx documentation
  - Ticket 43 - Add support for Referential Integrity plugin
  - Ticket 45 - Add support for Rootdn Access Control plugin
  - Ticket 46 - dsconf support for dynamic schema reload
  - Ticket 74 - Advice users to set referint-update-delay to 0
  - Ticket 92 - display_attr() should return str not bytes in py3
  - Ticket 93 - Fix test cases in ctl_dbtasks_test.py
  - Ticket 88 - python install and remove for tests
  - Ticket 85 - Remove legacy replication attribute
  - Ticket 91 - Fix replication topology
  - Ticket 89 - Fix inconsistency with serverid
  - Ticket 79 - Fix replica.py and add tests
  - Ticket 86 - add build dir to gitignore
  - Ticket 83 - Add an util for generating instance parameters
  - Ticket 87 - Update accesslog regec for HR etimes
  - Ticket 49 - Add support for whoami plugin
  - Ticket 48 - Add support for USN plugin
  - Ticket 78 - Add exists() method to DSLdapObject
  - Ticket 31 - Allow complete removal of some memberOf attrs
  - Ticket31 - Add memberOf fix-up task
  - Ticket 67 - Add ensure_int function
  - Ticket 59 - lib389 support for index management.
  - Ticket 67 - get attr by type
  - Ticket 70 - Improve repl tools
  - Ticket 50 - typo in db2* in dsctl
  - Ticket 31 - Add status command and SkipNested support for
    MemberOf
  - Ticket 31 - Add functional tests for MemberOf plugin
  - Ticket 66 - expand healthcheck for Directory Server
  - Ticket 69 - add specfile requires
  - Ticket 31 - Initial MemberOf plugin support
  - Ticket 50 - Add db2* tasks to dsctl
  - Ticket 65 - Add m2c2 topology
  - Ticket 63 - part 2, agreement test
  - Ticket 63 - lib389 python 3 fix
  - Ticket 62 - dirsrv offline log
  - Ticket 60 - add dsrc to dsconf and dsidm
  - Ticket 32 - Add TLS external bind support for testing
  - Ticket 27 - Fix get function in tests
  - Ticket 28 - userAccount for older versions without nsmemberof
  - Ticket 27 - Improve dseldif API
  - Ticket 30 - Add initial support for account lock and unlock.
  - Ticket 29 - fix incorrect format in tools
  - Ticket 28 - Change default objectClasses for users and groups
  - Ticket 1 - Fix missing dn / rdn on config.
  - Ticket 27 - Add a module for working with dse.ldif file
  - Ticket 1 - cn=config comparison
  - Ticket 21 - Missing serverid in dirsrv_test due to incorrect
    allocation
  - Ticket 26 - improve lib389 sasl support
  - Ticket 24 - Join paths using os.path.join instead of string
    concatenation
  - Ticket 25 - Fix RUV repr function
  - Ticket 23 - Use DirSrv.exists() instead of manually checking
    for instance’s existence
  - Ticket 1 - cn=config comparison
  - Ticket 22 - Specify a basedn parameter for IDM modules
  - Ticket 19 - missing readme.md in python3
  - Ticket 20 - Use the DN_DM constant instead of hard coding its
    value
  - Ticket 19 - Missing file and improve make
  - Ticket 14 - Remane dsadm to dsctl
  - Ticket 16 - Reset InstScriptsEnabled argument during the init
  - Ticket 14 - Remane dsadm to dsctl
  - Ticket 13 - Add init function to create new domain entries
  - Ticket 15 - Improve instance configuration ability
  - Ticket 10 - Improve command line tool arguments
  - Ticket 9 - Convert readme to MD
  - Ticket 7 - Add pause and resume methods to topology fixtures
  - Ticket 49172 - Allow lib389 to read system schema and instance
  - Ticket 49172 - Allow lib389 to read system schema and instance
  - Ticket 6 - Bump lib389 version 1.0.4
  - Ticket 5 - Fix container build on fedora
  - Ticket 4 - Cert detection breaks some tests
  - Ticket 49137 - Add sasl plain tests, lib389 support
  - Ticket 2 - pytest mark with version relies on root
  - Ticket 49126 - DIT management tool
  - Ticket 49101 - Python 2 generate example entries
  - Ticket 49103 - python 2 support for installer
  - Ticket 47747 - Add topology_i2 and topology_i3
  - Ticket 49087 - lib389 resolve jenkins issues
  - Ticket 48413 - Improvements to lib389 for rest
  - Ticket 49083 - Support prefix for discovery of the defaults.inf
    file.
  - Ticket 49055 - Fix debugging mode issue
  - Ticket 49060 - Increase number of masters, hubs and consumers
    in topology
  - Ticket 47747 - Add more topology fixtures
  - Ticket 47840 - Add InstScriptsEnabled argument
  - Ticket 47747 - Add topology fixtures module
  - Ticket 48707 - Implement draft-wibrown-ldapssotoken-01
  - Ticket 49022 - Lib389, py3 installer cannot create entries in
    backend
  - Ticket 49024 - Fix paths to the dbdir parent
  - Ticket 49024 - Fix db_dir paths
  - Ticket 49024 - Fix paths in tools module
  - Ticket 48961 - Fix lib389 minor issues shown by 48961 test
  - Ticket 49010 - Lib389 fails to start with systemctl changes
  - Ticket 49007 - lib389 fixes for paths to use online values
  - Ticket 49005 - Update lib389 to work in containers correctly.
  - Ticket 48991 - Fix lib389 spec for python2 and python3
  - Ticket 48984 - Add lib389 paths module
  - Ticket 48951 - dsadm dsconfig status and plugin
  - Ticket 47957 - Update the replication “idle” status string
  - Ticket 48951 - dsadm and dsconf base files
  - Ticket 48952 - Restart command needs a sleep
  - Ticket 48949 - Fix ups for style and correctness
  - Ticket 48949 - added copying slapd-collations.conf
  - Ticket 48949 - change default file path generation - use
    os.path.join
  - Ticket 48949 - os.makedirs() exist_ok not python2 compatible,
    added try/except
  - Ticket 48949 - configparser fallback not python2 compatible
  - Ticket 48946 - openConnection should not fully popluate DirSrv
    object
  - Ticket 48832 - Add DirSrvTools.getLocalhost() function
  - Ticket 48382 - Fix serverCmd to get sbin dir properly
  - Bug 1347760 - Information disclosure via repeated use of LDAP
    ADD operation, etc.
  - Ticket 48937 - Cleanup valgrind wrapper script
  - Ticket 48923 - Fix additional issue with serverCmd
  - Ticket 48923 - serverCmd timeout not working as expected
  - Ticket 48917 - Attribute presence
  - Ticket 48911 - Plugin improvements for lib389
  - Ticket 48911 - Improve plugin support based on new mapped
    objects
  - Ticket 48910 - Fixes for backend tests and lib389 reliability.
  - Ticket 48860 - Add replication tools
  - Ticket 48888 - Correction to create of dsldapobject
  - Ticket 48886 - Fix NSS SSL library in lib389
  - Ticket 48885 - Fix spec file requires
  - Ticket 48884 - Bugfixes for mapped object and new connections
  - Ticket 48878 - better style for backend in backend_test.py
  - Ticket 48878 - pep8 fixes part 2
  - Ticket 48878 - pep8 fixes and fix rpm to build
  - Ticket 48853 - Prerelease installer
  - Ticket 48820 - Begin to test compatability with py.test3, and
    the new orm
  - Ticket 48434 - Fix for negative tz offsets
  - Ticket 48857 - Remove python-krbV from lib389
  - Ticket 48820 - Fix tests to ensure they work with the new
    object types
  - Ticket 48820 - Move Encryption and RSA to the new object types
  - Ticket 48820 - Proof of concept of orm style mapping of configs
    and objects
  - Ticket 48820 - Clitool rename
  - Ticket 48431 - lib389 integrate ldclt
  - Ticket 48434 - lib389 logging tools
  - Ticket 48796 - add function to remove logs
  - Ticket 48771 - lib389 - get ns-slapd version
  - Ticket 48830 - Convert lib389 to ip route tools
  - Ticket 48763 - backup should run regardless of existing
    backups.
  - Ticket 48434 - lib389 logging tools
  - Ticket 48798 - EL6 compat for lib389 tests for DH params
  - Ticket 48798 - lib389 add ability to create nss ca and
    certificate
  - Ticket 48433 - Aci linting tools
  - Ticket 48791 - format args in server tools
  - Ticket 48399 - Helper makefile is missing mkdir dist
  - Ticket 48399 - Helper makefile is missing mkdir dist
  - Ticket 48794 - lib389 build requires are on a single line
  - Ticket 48660 - Add function to convert binary values in an
    entry to base64
  - Ticket 48764 - Fix mit krb password to be random.
  - Ticket 48765 - Change default ports for standalone topology
  - Ticket 48750 - Clean up logging to improve command experience
  - Ticket 48751 - Improve lib389 ldapi support
  - Ticket 48399 - Add helper makefile to lib389 to build and
    install
  - Ticket 48661 - Agreement test suite fails at the test_changes
    case
  - Ticket 48407 - Add test coverage module for lib389 repo
  - Ticket 48357 - clitools should standarise their args
  - Ticket 48560 - Make verbose handling consistent
  - Ticket 48419 - getadminport() should not a be a static method
  - Ticket 48408 - RFE escaped default suffix for tests
  - Ticket 48401 - Revert typecheck
  - Ticket 48401 - lib389 Entry hasAttr returs dict instead of
    false
  - Ticket 48390 - RFE Improvements to lib389 monitor features for
    rest389
  - Ticket 48358 - Add new spec file
  - Ticket 48371 - weaker host check on localhost.localdomain
  - Ticket 58358 - Update spec file with pre-release versioning
  - Ticket 48358 - Make Fedora packaging changes to the spec file
  - Ticket 48358 - Prepare lib389 for Fedora Packaging
  - Ticket 48364 - Fix test failures
  - Ticket 48360 - Refactor the delete agreement function
  - Ticket 48361 - Expand 389ds monitoring capabilities
  - Ticket 48246 - Adding license/copyright to lib389 files
  - Ticket 48340 - Add basic monitor support to lib389
    https://fedorahosted.org/389/ticket/48340
  - Ticket 48353 - Add Replication REST support to lib389
  - Ticket 47840 - Fix regression
  - Ticket 48343 - lib389 krb5 realm management
    https://fedorahosted.org/389/ticket/48343
  - Ticket 47840 - fix lib389 to use sbin scripts
    https://fedorahosted.org/389/ticket/47840
  - Ticket 48335 - Add SASL support to lib389
  - Ticket 48329 - Fix case-senstive scyheam comparisions
  - Ticket 48303 - Fix lib389 broken tests
  - Ticket 48329 - add matching rule functions to schema module
  - Ticket 48324 - fix boolean capitalisation (one line)
    https://fedorahosted.org/389/ticket/48324
  - Ticket 48321 - Improve is_a_dn check to prevent mistakes with
    lib389 auth https://fedorahosted.org/389/ticket/48321
  - Ticket 48322 - Allow reindex function to reindex all attributes
  - Ticket 48319 - Fix ldap.LDAPError exception processing
  - Ticket 48318 - Do not delete a changelog while disabling a
    replication by suffix
  - Ticket 48308 - Add eq and ne to Entry to allow fast comparison
    https://fedorahosted.org/389/ticket/48308
  - Ticket 48303 - Fix lib389 broken tests - backend_test
  - Ticket 48309 - Fix lib389 lib imports
  - Ticket 48303 - Fix lib389 broken tests - agreement_test
  - Ticket 48303 - Fix lib389 broken tests - aci_parse_test
  - Ticket 48301 - add tox support
  - Ticket 48204 - update lib389 for python3
  - Ticket 48273 - Improve valgrind functions
  - Ticket 48271 - Fix for self.prefix being none when
    SER_DEPLOYED_DIR is none
    https://fedorahosted.org/389/ticket/48271
  - Ticket 48259 - Add aci parsing utilities to lib389
  - Ticket 48252 - (lib389) adding get_bin_dir and dbscan
  - Ticket 48247 - Change the default user to ‘dirsrv’
  - Ticket 47848 - Add new function to create ldif files
  - Ticket 48239 - Fix for prefix allocation of un-initialised
    dirsrv objects
  - Ticket 48237 - Add lib389 helper to enable and disable logging
    services.
  - Ticket 48236 - Add get effective rights helper to lib389
  - Ticket 48238 - Add objectclass and attribute type query
    mechanisms
  - Ticket 48029 - Add missing replication related functions
  - Ticket 48028 - add valgrind wrapper for ns-slapd
  - Ticket 48028 - lib389 - add valgrind functions
  - Ticket 48022 - lib389 - Add all the server tasks
  - Ticket 48023 - create function to test replication between
    servers
  - Ticket 48020 - lib389 - need to reset args_instance with every
    DirSrv init
  - Ticket 48000 - Repl agmts need more time to stop
  - Ticket 48004 - Fix various issues
  - Ticket 48000 - replica agreement pause/resume should have a
    short sleep
  - Ticket 47990 - Add check for “.removed” instances when doing an
    upgrade
  - Ticket 47990 - Add “upgrade” function to lib389
  - Ticket 47691 - using lib389 with RPMs
  - Ticket 47848 - Add support for setuptools.
  - Ticket 47855 - Add function to clear tmp directory
  - Ticket 47851 - Need to retrieve tmp directory path
  - Ticket 47845 - add stripcsn option to tombstone fixup task
  - Ticket 47851 - Add function to retrieve dirsrvtests data
    directory
  - Ticket 47845 - Add backup/restore/fixup tombstone tasks to
    lib389
  - Ticket 47819 - Add the new precise tombstone purging config
    attribute
  - Ticket 47695 - Add plugins/tasks/Index
  - Ticket 47648 - lib389 - add schema classes, methods
  - Ticket 47671 - CI lib389: allow to open a DirSrv without having
    to create the instance
  - Ticket 47600 - Replica/Agreement/Changelog not conform to the
    design
  - Ticket 47652 - replica add fails: MT.list return a list not an
    entry
  - Ticket 47635 - MT/Backend/Suffix to be conform with the design
  - Ticket 47625 - CI lib389: DirSrv not conform to the design
  - Ticket 47595 - fail to detect/reinit already existing
    instance/backup
  - Ticket 47590 - CI tests: add/split functions around replication
  - Ticket 47584 - CI tests: add backup/restore of an instance
  - Ticket 47578 - CI tests: removal of ‘sudo’ and absolute path in
    lib389
  - Ticket 47568 - Rename DSAdmin class
  - Ticket 47566 - Initial import of DSadmin into 389-test repos

-------------------------------------------------------------------
Tue Oct 24 12:35:24 UTC 2017 - jengelh@inai.de

- Use openSUSE rpm group classifications.
- Remove removal of .a files that do not exist to begin with
  (because of --disable-static).
- Remove double removal of .la files.
- Do not suppress errors from useradd.

-------------------------------------------------------------------
Wed Oct 18 20:57:17 UTC 2017 - mrueckert@suse.de

- update to 1.4.0.1
  - Ticket 49038 - remove legacy replication - change cleanup
    script precedence
  - Ticket 49392 - memavailable not available
  - Ticket 49235 - pbkdf2 by default
  - Ticket 49279 - remove dsktune
  - Ticket 49372 - filter optimisation improvements for common
    queries
  - Ticket 49320 - Activating already active role returns error 16
  - Ticket 49389 - unable to retrieve specific cosAttribute when
    subtree password policy is configured
  - Ticket 49092 - Add CI test for schema-reload
  - Ticket 49388 - repl-monitor - matches null string many times in
    regex
  - Ticket 49387 - pbkdf2 settings were too aggressive
  - Ticket 49385 - Fix coverity warnings
  - Ticket 49305 - Need to wrap atomic calls
  - Ticket 48973 - Indexing a ExactIA5Match attribute with a
    IgnoreIA5Match matching rule triggers a warning
  - Ticket 49378 - server init fails
  - Ticket 49305 - Need to wrap atomic calls
  - Ticket 49180 - add CI test
  - Ticket 49180 - errors log filled with attrlist_replace -
    attr_replace

-------------------------------------------------------------------
Tue Oct 10 16:06:18 UTC 2017 - mrueckert@suse.de

- drop 389-ds-reproducible.patch: applied upstream

-------------------------------------------------------------------
Fri Sep 29 00:06:42 UTC 2017 - mrueckert@suse.de

- move upgrade and restart code to postun

-------------------------------------------------------------------
Thu Sep 28 15:40:51 UTC 2017 - mrueckert@suse.de

- make sure we stop before uninstall
- build require gdb for directory ownership

-------------------------------------------------------------------
Wed Sep 27 16:11:29 UTC 2017 - mrueckert@suse.de

- sync requires with fedora spec file
  - build with tcmalloc
  - add missing requires for things like bind-utils, db-utils
  - add requires to the devel package
  - split out the snmp agent
  - upgrade all databases on update

-------------------------------------------------------------------
Wed Sep 27 15:10:25 UTC 2017 - mrueckert@suse.de

- update to 1.4.0.0
  - Ticket 49327 - Add CI test for password expiration controls
  - Ticket 48085 - CI tests - replication ruvstore
  - Ticket 49381 - Refactor numerous suite docstrings
  - Ticket 48085 - CI tests - replication cl5
  - Ticket 49379 - Allowed sasl mapping requires restart
  - Ticket 49327 - password expired control not sent during grace
    logins
  - Ticket 49380 - Add CI test
  - Ticket 83 - Fix create_test.py imports
  - Ticket 49381 - Add docstrings to ds_logs, gssapi_repl, betxn
  - Ticket 49380 - Crash when adding invalid replication agreement
  - Ticket 48081 - CI test - password - Ticket 49295 - Fix CI tests
  - Ticket 49295 - Fix CI test for account policy
  - Ticket 49373 - remove unused header file
- changes from 1.3.7.4
  - Ticket 49371 - Cleanup update script
  - Ticket 48831 - Autotune dncache with entry cache.
  - Ticket 49312 - pwdhash -D used default hash algo
  - Ticket 49043 - make replication conflicts transparent to
    clients
  - Ticket 49371 - Fix rpm build
  - Ticket 49371 - Template dse.ldif did not contain all needed
    plugins
  - Ticket 49295 - Fix CI Tests
  - Ticket 49050 - make objectclass ldapsubentry effective
    immediately
- changes from 1.3.7.3
  - Ticket 49354 - fix regression in total init due to mistake in
    range fetch
  - Ticket 49370 - local password policies should use the same
    defaults as the global policy
  - Ticket 48989 - Delete slow lib389 test
  - Ticket 49367 - missing braces in idsktune
  - Ticket 49364 - incorrect function declaration.
  - Ticket 49275 - fix tls auth regression
  - Ticket 49038 - Revise creation of cn=replication,cn=config
  - Ticket 49368 - Fix typo in log message
  - Ticket 48059 - Add docstrings to CLU tests
  - Ticket 47840 - Add docstrings to setup tests
  - Ticket 49348 - support perlless and wrapperless install

-------------------------------------------------------------------
Tue Sep 19 09:39:08 CEST 2017 - kukuk@suse.de

- Remove unnecessary ldconfig calls

-------------------------------------------------------------------
Wed Aug 30 15:49:42 UTC 2017 - mrueckert@suse.de

- update to 1.3.7.2
  - Ticket 49038 - Fix regression from legacy code cleanup
  - Ticket 49295 - Fix CI tests
  - Ticket 48067 - Add bugzilla tests for ds_logs
  - Ticket 49356 - mapping tree crash can occur during tot init
  - Ticket 49275 - fix compiler warns for gcc 7
  - Ticket 49248 - Add a docstring to account locking test case
  - Ticket 49445 - remove dead code
  - Ticket 48081 - Add regression tests for pwpolicy
  - Ticket 48056 - Add docstrings to basic test suite
  - Ticket 49349 - global name ‘imap’ is not defined
  - Ticket 83 - lib389 - Fix tests and create_test.py
  - Ticket 48185 - Remove referint-logchanges attr from referint’s
    config
  - Ticket 48081 - Add regression tests for pwpolicy
  - Ticket 83 - lib389 - Replace topology agmt objects
  - Ticket 49331 - change autoscaling defaults
  - Ticket 49330 - Improve ndn cache performance.
  - Ticket 49347 - reproducable build numbers
  - Ticket 39344 - changelog ldif import fails
  - Ticket 49337 - Add regression tests for import tests
  - Ticket 49309 - syntax checking on referint’s delay attr
  - Ticket 49336 - SECURITY: Locked account provides different
    return code
  - Ticket 49332 - Event queue is not working
  - Ticket 49313 - Change the retrochangelog default cache size
  - Ticket 49329 - Descriptive error msg for USN cleanup task
  - Ticket 49328 - Cleanup source code
  - Ticket 49299 - Add normalized dn cache stats to dbmon.sh
  - Ticket 49290 - improve idl handling in complex searches
  - Ticket 49328 - Update clang-format config file
  - Ticket 49091 - remove usage of changelog semaphore
  - Ticket 49275 - shadow warnings for gcc7 - pass 1
  - Ticket 49316 - fix missing not condition in clock cleanu
  - Ticket 49038 - Remove legacy replication
  - Ticket 49287 - v3 extend csnpl handling to multiple backends
  - Ticket 49310 - remove sds logging in debug builds
  - Ticket 49031 - Improve memberof with a cache of group parents
  - Ticket 49316 - Fix clock unsafety in DS
  - Ticket 48210 - Add IP addr and connid to monitor output
  - Ticket 49295 - Fix CI tests and compiler warnings
  - Ticket 49295 - Fix CI tests
  - Ticket 49305 - Improve atomic behaviours in 389-ds
  - Ticket 49298 - fix missing header
  - Ticket 49314 - Add untracked files to the .gitignore
  - Ticket 49303 - Fix error in CI test
  - Ticket 49302 - fix dirsrv importst due to lib389 change
  - Ticket 49303 - Add option to disable TLS client-initiated
    renegotiation
  - Ticket 49298 - force sync() on shutdown
  - Ticket 49306 - make -f rpm.mk rpms produces build without
    tcmalloc enabled
  - Ticket 49297 - improve search perf in bpt by removing a deref
  - Ticket 49284 - resolve crash in memberof when deleting attrs
  - Ticket 49290 - unindexed range searches don’t provide notes=U
  - Ticket 49301 - Add one logpipe test case
- changes from 1.3.6.8
  - Ticket 49356 - mapping tree crash can occur during tot init
- changes from 1.3.6.7
  - Ticket 49330 - Improve ndn cache performance
  - Ticket 49298 - fix missing header
  - Ticket 49298 - force sync() on shutdown
  - Ticket 49336 - SECURITY: Locked account provides different
    return code
  - Ticket 49334 - fix backup restore if changelog exists
  - Ticket 49313 - Change the retrochangelog default cache size
  - Fix error log format in add.c
  - Ticket 49287 - fix compiler warning for patch 49287
  - Ticket 49287 - v3 extend csnpl handling to multiple backends
  - Ticket 49288 - RootDN Access wrong plugin path in
    template-dse.ldif.in
  - Ticket 49291 - slapi_search_internal_callback_pb may SIGSEV if
    related pblock has not operation set
  - Ticket 49008 - Fix MO plugin betxn test
  - Ticket 49227 - ldapsearch does not return the expected Error
    log level
  - Ticket 49028 - Add autotuning test suite
  - Ticket 49273 - bak2db doesn’t operate with dbversion
  - Ticket 49184 - adjust logging level in MO plugin
  - Ticket 49257 - only register modify callbacks
  - Ticket 49257 - Update CI script
  - Ticket 49008 - Adjust CI test for new memberOf behavior
  - Ticket 49273 - crash when DBVERSION is corrupt.
  - Ticket 49268 - master branch fails on big endian systems
  - Ticket 49241 - add symblic link location to db2bak.pl output
  - Ticket 49257 - Reject nsslapd-cachememsize & nsslapd-cachesize
    when nsslapd-cache-autosize is set
  - Ticket 48538 - Failed to delete old semaphore
  - Ticket 49231 - force EXTERNAL always
  - Ticket 49267 - autosize split of 0 results in dbcache of 0

-------------------------------------------------------------------
Wed Aug 30 12:29:40 UTC 2017 - bwiedemann@suse.com

- Add 389-ds-reproducible.patch not use build date in build num
  to make build reproducible (boo#1047218)

-------------------------------------------------------------------
Tue Aug 15 14:37:47 UTC 2017 - hguo@suse.com

- Introduce acl as mandatory runtime dependency.

-------------------------------------------------------------------
Tue Aug  8 14:37:00 UTC 2017 - hguo@suse.com

- Rename patch 389-ds-base-1.3.2.11_init_fhs.patch -> 0001-init_fhs.patch
- Fix faulty python module import with patch
  0002-use-python2-for-selinux-detection.patch
- Conduct a major clean-up of spec file to remove all outdated macros
- Introduce extra schema files from OpenLDAP distribution with
  extra-schema.tgz and LICENSE.openldap

-------------------------------------------------------------------
Sat May 27 08:46:54 UTC 2017 - mrueckert@suse.de

- update to 1.3.6.6
  - Ticket 49157 - fix error in ds-logpipe.py
  - Ticket 48864 - remove config.h from spal header.
  - Ticket 48681 - logconv.pl - Fix SASL Bind stats and rework
    report format
  - Ticket 49261 - Fix script usage and man pages
  - Ticket 49238 - AddressSanitizer: heap-use-after-free in
    libreplication
  - Ticket 48864 - Fix FreeIPA build
  - Ticket 49257 - Reject dbcachesize updates while auto cache
    sizing is enabled
  - Ticket 49249 - cos_cache is erroneously logging schema checking
    failure
  - Ticket 49258 - Allow nsslapd-cache-autosize to be modified
    while the server is running
  - Ticket 49247 - resolve build issues on debian
  - Ticket 49246 - ns-slapd crashes in role cache creation
  - Ticket 49157 - ds-logpipe.py crashes for non-existing users
  - Ticket 49241 - Update man page and usage for db2bak.pl
  - Ticket 49075 - Adjust logging severity levels
  - Ticket 47662 - db2index not properly evaluating arguments
  - Ticket 48989 - fix perf counters
- changes from 1.3.6.5
  - Ticket 49231 - fix sasl mech handling
  - Ticket 49233 - Fix crash in persistent search
  - Ticket 49230 - slapi_register_plugin creates config entry where
    it should not
  - Ticket 49135 - PBKDF2 should determine rounds at startup
  - Ticket 49236 - Fix CI Tests
  - Ticket 48310 - entry distribution should be case insensitive
  - Ticket 49224 - without –prefix, $prefixdir would be NONE in
    defaults.
- drop 9563d299.patch: included upstream

-------------------------------------------------------------------
Fri May 19 10:32:03 UTC 2017 - mrueckert@suse.de

- added 9563d299.patch to fix building slapi-nis and freeipa

-------------------------------------------------------------------
Thu May 11 11:01:05 UTC 2017 - jengelh@inai.de

- Do not suppress errors from user/group creation.
  Add some safety quoting here and there.

-------------------------------------------------------------------
Thu Apr 27 21:02:04 UTC 2017 - mrueckert@suse.de

- update to 1.3.6.4
  - Ticket 49228 - Fix SSE4.2 detection.
  - Ticket 49229 - Correct issues in latest commits
  - Ticket 49226 - Memory leak in ldap-agent-bin
  - Ticket 49214 - Implement htree concept
  - Ticket 49119 - Cleanup configure.ac options and defines
  - Ticket 49097 - whitespace fixes for pblock change
  - Ticket 49097 - Pblock get/set cleanup
  - Ticket 49222 - Resolve various test issues on rawhide
  - Issue 48978 - Fix the emergency logging functions severity
    levels
  - Issue 49227 - ldapsearch for nsslapd-errorlog-level returns
    incorrect values
  - Ticket 49041 - nss won’t start if sql db type set
  - Ticket 49223 - Fix sds queue locking
  - Issue 49204 - Fix 32bit arch build failures
  - Issue 49204 - Need to update function declaration
  - Ticket 49204 - Fix lower bounds on import autosize + On small
    VM, autotune breaks the access of the suffixes
  - Issue 49221 - During an upgrade the provided localhost name is
    ignored
  - Issue 49220 - Remote crash via crafted LDAP messages (SECURITY
    FIX)
  - Ticket 49184 - Overflow in memberof
  - Ticket 48050 - Add account policy tests to plugins test suite
  - Ticket 49207 - Supply docker POC build for DS.
  - Issue 47662 - CLI args get removed
  - Issue 49210 - Fix regression when checking is password min age
    should be checked
  - Ticket 48864 - Add cgroup memory limit detection to 389-ds
  - Issue 48085 - Expand the repl acceptance test suite
  - Ticket 49209 - Hang due to omitted replica lock release
  - Ticket 48864 - Cleanup memory detection before we add cgroup
    support
  - Ticket 48864 - Cleanup up broken format macros and imports
  - Ticket 49153 - Remove vacuum lock on transaction cleanup
  - Ticket 49200 - provide minimal dse.ldif for python installer
  - Issue 49205 - Fix logconv.pl man page
  - Issue 49177 - Fix pkg-config file
  - Issue 49035 - dbmon.sh shows pages-in-use that exceeds the
    cache size
  - Ticket 48432 - Linux capabilities on ns-slapd
  - Ticket 49196 - Autotune generates crit messages
  - Ticket 49194 - Lower default ioblock timeout
  - Ticket 49193 - gcc7 warning fixes
  - Issue 49039 - password min age should be ignored if password
    needs to be reset
  - Ticket 48989 - Re-implement lock counter
  - Issue 49192 - Deleting suffix can hang server
  - Issue 49156 - Modify token :assert: to :expectedresults:
  - Ticket 48989 - missing return in counter
  - Ticket 48989 - Improve counter overflow fix
  - Ticket 49190 - Upgrade lfds to 7.1.1
  - Ticket 49187 - Fix attribute definition
  - Ticket 49185 - Fix memleak in compute init

-------------------------------------------------------------------
Fri Mar 24 13:42:40 UTC 2017 - mrueckert@suse.de

- update to 1.3.6.3
  This release contains security and bug fixes and a few
  enhancements.
  - Issue 49177 - rpm would not create valid pkgconfig files(pt2)
  - Issue 49186 - Fix NS to improve shutdown relability
  - Issue 49174 - nunc-stans can not use negative timeout
  - Issue 49076 - To debug DB_DEADLOCK condition, allow to reset
    DB_TXN_NOWAIT flag on txn_begin
  - Issue 49188 - retrocl can crash server at shutdown
  - Issue 47840 - Add setup_ds test suite
  - Fix srvcore version dependancy
  - Issue 48989 - Overflow in counters and monitor
  - Issue 49095 - targetattr wildcard evaluation is incorrectly
    case sensitive
  - Issue 49177 - rpm would not create valid pkgconfig files
  - Issue 49176 - Remove tcmalloc restriction from s390x
  - Issue 49157 - ds-logpipe.py crashes for non-existing users
  - Issue 49065 - dbmon.sh fails if you have
    nsslapd-require-secure-binds enabled
  - Issue 49095 - Fix double-free in _cl5NewDBFile() error path
  - Issue 49169 - Fix covscan errors(regression)
  - Issue 49172 - Fix test schema files
  - Issue 49171 - Nunc Stans incorrectly reports a timeout
  - Issue 49169 - Fix covscan errors
  - Issue 49164 - Change NS to acq-rel semantics for atomics
  - Issue 49154 - Nunc Stans stress should assert it has 95%
    success rate
  - Issue 49165 - pw_verify did not handle external auth
  - Issue 49062 - Reset agmt update staus and total init
  - Issue 49151 - Remove defunct selinux policy
- add BR for autoconf, autotool, libtool as upstream doesn't ship
  a prebuilt configure anymore
- import BR from nunc-stans as it is intree now:
  libtevent-devel libtalloc-devel libevent-devel
- added BR for doxygen to build doxygen
- enable auto-dn-suffix feature

-------------------------------------------------------------------
Mon Feb 20 12:49:23 UTC 2017 - mrueckert@suse.de

- fix build on factory: libsystemd-* libs got merged into libsystemd.

-------------------------------------------------------------------
Wed Dec 21 15:48:51 UTC 2016 - mrueckert@suse.de

- update to 1.3.5.15
  - bz1358565 - Clear and unsalted password types are vulnerable to
    timing attack (SECURITY FIX)
  - Ticket 49016 - (un)register/migration/remove may fail if there
    is no suffix on ‘userRoot’ backend
  - Ticket 48328 - Add missing dependency
  - Ticket 49009 - args debug logging must be more restrictive
  - Ticket 49014 - ns-accountstatus.pl shows wrong status for
    accounts inactivated by Account policy plugin
  - Ticket 47703 - remove search limit for aci group evaluation
  - Ticket 48909 - Replication stops working in FIPS mode
- changes in 1.3.5.14
  - Ticket 48992 - Total init may fail if the pushed schema is
    rejected
  - Ticket 48832 - Fix CI test suite for password min age
  - Ticket 48983 - Configure and Makefile.in from new default paths
    work.
  - Ticket 48983 - Configure and Makefile.in from new default paths
    work.
  - Ticket 48983 - generate install path info from autotools
    scripts
  - Ticket 48944 - on a read only replica invalid state info can
    accumulate
  - Ticket 48766 - use a consumer maxcsn only as anchor if supplier
    is more advanced
  - Ticket 48921 - CI Replication stress tests have limits set too
    low
  - Ticket 48969 - nsslapd-auditfaillog always has an explicit path
  - Ticket 48957 - Update repl-monitor to handle new status
    messages
  - Ticket 48832 - Fix CI tests
  - Ticket 48975 - Disabling CLEAR password storage scheme will
    crash server when setting a password
  - Ticket 48369 - Add CI test suite
  - Ticket 48970 - Serverside sorting crashes the server
  - Ticket 48972 - remove old pwp code that adds/removes ACIs
  - Ticket 48957 - set proper update status to replication
    agreement in case of failure
  - Ticket 48950 - Add systemd warning to the LD_PRELOAD example in
    /etc/sysconfig/dirsrv
  - provide backend dir in suffix template
  - Ticket 48953 - Skip labelling and unlabelling ports during the
    test
  - Ticket 48967 - Add CI test and refactor test suite
  - Ticket 48967 - passwordMinAge attribute doesn’t limit the
    minimum age of the password
  - Fix jenkins warnings about unused vars
  - Ticket 48402 - v3 allow plugins to detect a restore or import
  - Ticket #48969 - nsslapd-auditfaillog always has an explicit
    path
  - Ticket 48964 - cleanAllRUV changelog purging incorrectly
    processes all backends
  - Ticket 48965 - Fix building rpms using rpm.mk
  - Ticket 48965 - Fix generation of the pre-release version
  - Bugzilla 1368956 - man page of ns-accountstatus.pl shows
    redundant entries for -p port option
  - Ticket 48960 - Crash in import_wait_for_space_in_fifo().
  - Ticket 48832 - Fix more CI test failures
  - Ticket 48958 - Audit fail log doesn’t work if audit log
    disabled.
  - Ticket 48956 - ns-accountstatus.pl showing “activated” user
    even if it is inactivated
  - Ticket 48954 - replication fails because anchorcsn cannot be
    found
  - Ticket 48832 - Fix CI tests failures from jenkins server
  - Ticket 48950 - Change example in /etc/sysconfig/dirsrv to use
    tcmalloc

-------------------------------------------------------------------
Sat Nov 19 21:02:06 UTC 2016 - aj@ajaissle.de

- New upstream release 1.3.4.14

-------------------------------------------------------------------
Mon Sep  5 13:13:06 UTC 2016 - mrueckert@suse.de

- update to 1.3.5.13
  - CVE-2016-4992 389-ds-base: Information disclosure via repeated
    use of LDAP ADD operation, etc.
  - Ticket 47538 - Fix repl-monitor color and lag times
  - Ticket 47538 - repl-monitor.pl legend not properly sorted
  - Ticket 47538 - repl-monitor.pl not displaying correct color
    code for lag time
  - Ticket 47664 - Move CI test to the pr suite and refactor
  - Ticket 47824 - Remove CI test from tickets and add logging
  - Ticket 47911 - split out snmp agent into a subpackage
  - Ticket 47976 - Add fixed CI test case
  - Ticket 47982 - Fix log hr timestamps when invalid value is set
    in cn=config
  - Ticket 48109 - substring index with nssubstrbegin: 1 is not
    being used with filters like (attr=x*)
  - Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the
    status of the directory server instance.
  - Ticket 48191 - Move CI test to the pr suite and refactor
  - Ticket 48234 - “matching rules” in ACI’s “bind rules not fully
    evaluated
  - Ticket 48234 - CI test: test case for ticket 48234
  - Ticket 48275 - search returns no entry when OR filter component
    contains non readable attribute
  - Ticket 48326 - Move CI test to config test suite and refactor
  - Ticket 48336 - Missing semanage dependency
  - Ticket 48336 - setup-ds should detect if port is already
    defined
  - Ticket 48346 - ldaputil code cleanup
  - Ticket 48346 - log too verbose when re-acquiring expired ticket
  - Ticket 48354 - Review of default ACI in the directory server
  - Ticket 48363 - CI test - add test suite
  - Ticket 48366 - proxyauth does not work bound as directory
    manager
  - Ticket 48404 - libslapd owned by libs and devel
  - Ticket 48449 - Import readNSState from richm’s repo
  - Ticket 48449 - Import readNSState.py from RichM’s repo
  - Ticket 48450 - Add prestart work around for systemd ask
    password
  - Ticket 48450 - Autotools components for
    ds_systemd_ask_password_acl
  - Ticket 48617 - Coverity fixes
  - Ticket 48636 - Fix config validation check
  - Ticket 48636 - Improve replication convergence
  - Ticket 48637 - DN cache is not always updated when ADD
    operation fails
  - Ticket 48743 - If a cipher is disabled do not attempt to look
    it up
  - Ticket 48745 - Matching Rule caseExactIA5Match indexes
    incorrectly values with upper cases
  - Ticket 48745 - Matching Rule caseExactIA5Match indexes
    incorrectly values with upper cases
  - Ticket 48747 - dirsrv service fails to start when
    nsslapd-listenhost is configured
  - Ticket 48752 - Page result search should return empty cookie if
    there is no returned entry
  - Ticket 48752 - Add CI test
  - Ticket 48754 - ldclt should support -H
  - Ticket 48755 - moving an entry could make the online init fail
  - Ticket 48755 - CI test: test case for ticket 48755
  - Ticket 48766 - Replication changelog can incorrectly skip over
    updates
  - Ticket 48767 - flow control in replication also blocks
    receiving results
  - Ticket 48795 - Make various improvements to create_test.py
  - Ticket 48799 - Test cases for objectClass values being dropped.
  - Ticket 48815 - ns-accountstatus.pl - fix DN normalization
  - Ticket 48832 - Fix timing and localhost issues
  - Ticket 48832 - CI tests
  - Ticket 48833 - 389 showing inconsistent values for shadowMax
    and shadowWarning in 1.3.5.1
  - Ticket 48834 - Fix jenkins: discared qualifier on auditlog.c
  - Ticket 48834 - Modifier’s name is not recorded in the audit log
    with modrdn and moddn operations
  - Ticket 48844 - Regression introduced in matching rules by DS
    48746
  - Ticket 48846 - 32 bit systems set low vmsize
  - Ticket 48846 - Older kernels do not expose memavailable
  - Ticket 48846 - Rlimit checks should detect RLIM_INFINITY
  - Ticket 48848 - modrdn deleteoldrdn can fail to find old
    attribute value, perhaps due to case folding
  - Ticket 48849 - Systemd introduced incompatible changes that
    breaks ds build
  - Ticket 48850 - Correct memory leaks in pwdhash-bin and ns-slapd
  - Ticket 48854 - Running db2index with no options breaks
    replication
  - Ticket 48855 - Add basic pwdPolicy tests
  - Ticket 48858 - Segfault changing nsslapd-rootpw
  - Ticket 48862 - At startup DES to AES password conversion causes
    timeout in start script
  - Ticket 48863 - remove check for vmsize from util_info_sys_pages
  - Ticket 48870 - Correct plugin execution order due to changes in
    exop
  - Ticket 48872 - Fix segfault and use after free in plugin
    shutdown
  - Ticket 48873 - Backend should accept the reduced cache
    allocation when issane == 1
  - Ticket 48877 - Fixes for RPM spec with spectool
  - Ticket 48880 - adding pre/post extop ability
  - Ticket 48882 - server can hang in connection list processing
  - Ticket 48889 - ldclt - fix man page and usage info
  - Ticket 48891 - ns-slapd crashes during the shutdown after
    adding attribute with a matching rule
  - Ticket 48892 - Wrong result code display in audit-failure log
  - Ticket 48893 - cn=config should not have readable components to
    anonymous
  - Ticket 48895 - tests package should be noarch
  - Ticket 48898 - Crash during shutdown if nunc-stans is enabled
  - Ticket 48899 - Values of dbcachetries/dbcachehits in cn=monitor
    could overflow.
  - Ticket 48900 - Add connection perf stats to logconv.pl
  - Ticket 48902 - Strdup pwdstoragescheme name to prevent
    misbehaving plugins
  - Ticket 48904 - syncrepl search returning error 329; plugin
    sending a bad error code
  - Ticket 48905 - coverity defects
  - Ticket 48912 - ntUserNtPassword schema
  - Ticket 48914 - db2bak.pl task enters infinitive loop when bak
    fs is almost full
  - Ticket 48916 - DNA Threshold set to 0 causes SIGFPE
  - Ticket 48918 - Upgrade to 389-ds-base >= 1.3.5.5 doesn’t
    install 389-ds-base-snmp
  - Ticket 48919 - Compiler warnings while building 389-ds-base on
    RHEL7
  - Ticket 48920 - Memory leak in pwdhash-bin
  - Ticket 48921 - Adding replication and reliability tests
  - Ticket 48922 - Fix crash when deleting backend while import is
    running
  - Ticket 48924 - Fixup tombstone task needs to set proper flag
    when updating tombstones
  - Ticket 48925 - slapd crash with SIGILL: Dsktune should detect
    lack of CMPXCHG16B
  - Ticket 48928 - log of page result cookie should log empty
    cookie with a different value than 0
  - Ticket 48930 - Paged result search can hang the server
  - Ticket 48934 - remove-ds.pl deletes an instance even if wrong
    prefix was specified
  - Ticket 48935 - Update dirsrv.systemd file
  - Ticket 48936 - Duplicate collation entries
  - Ticket 48939 - nsslapd-workingdir is empty when ns-slapd is
    started by systemd
  - Ticket 48940 - DS logs have warning:ancestorid not indexed
  - Ticket 48943 - When fine-grained policy is applied, a sub-tree
    has a priority over a user while changing password
  - Ticket 48943 - Add CI Test for the password test suite

-------------------------------------------------------------------
Wed Jun 29 13:11:38 UTC 2016 - mrueckert@suse.de

- update to 1.3.5.4
  - Ticket 48836 - replication session fails because of permission
    denied
  - Ticket 48837 - Replication: total init aborted
  - Ticket 48617 - Server ram checks work in isolation
  - Ticket 48220 - The “repl-monitor” web page does not display
    “year” in date.
  - Ticket 48829 - Add gssapi sasl replication bind test
  - Ticket 48497 - uncomment pytest from CI test
  - Ticket 48828 - db2ldif is not taking into account multiple
    suffixes or backends
  - Ticket 48818 - Fix case where return code is always -1
  - Ticket 48826 - 52updateAESplugin.pl may fail on older versions
    of perl
  - Ticket 48825 - Configure make generate invalid makefile
- changes from 1.3.5.3
  - Ticket 47536 - Allow usage of OpenLDAP libraries that don’t use
    NSS for crypto
  - Ticket 47536 - CI test: added test cases for ticket 47536
  - Ticket 47840 - default instance scripts if undefined.
  - Ticket 47888 - Add CI test
  - Ticket 47888 - DES to AES password conversion fails if a
    backend is empty
  - Ticket 47951 - Fix startpid from altering dev/null
  - Ticket 47968 - Disable journald logs by default
  - Ticket 47982 - HR Log timers, regression fix for subsystem
    logging
  - Ticket 48078 - CI test - paged_results - TET part
  - Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the
    status of the directory server instance.
  - Ticket 48269 - ns-accountstatus status message improvement
  - Ticket 48342 - DNA: deadlock during DNA_EXTEND_EXOP_REQUEST_OID
  - Ticket 48342 - DNA Deadlock test cases
  - Ticket 48342 - Prevent transaction abort if a transaction has
    not begun
  - Ticket 48350 - Integrate ASAN into our rpm build process
  - Ticket 48374 - entry cache locks not released in error
    conditions
  - Ticket 48410 - 389-ds-base - Unable to remove / unregister a DS
    instance from admin server
  - Ticket 48447 - with-initddir should accept no
  - Ticket 48450 - Systemd password agent support
  - Ticket 48492 - heap corruption at schema replication.
  - Ticket 48597 - Deadlock when rebuilding the group of authorized
    replication managers
  - Ticket 48662 - db2index with no attribute args fail.
  - Ticket 48710 - auto-dn-suffix unrecognized option
  - Ticket 48769 - Fix white space in extendedop.c
  - Ticket 48769 - RFE: Be_txn extended operation plugin type
  - Ticket 48770 - Improve extended op plugin handling
  - Ticket 48775 - If nsSSL3 is on, even if SSL v3 is not really
    enabled, a confusing message is logged.
  - Ticket 48779 - Remove startpidfile check in start-dirsrv
  - Ticket 48781 - Vague error message: setup_ol_tls_conn - failed:
    unable to create new TLS context
  - Ticket 48782 - Make sure that when LDAP_OPT_X_TLS_NEWCTX is
    set, the value is set to zero.
  - Ticket 48783 - Fix ns-accountstatus.pl syntax error
  - Ticket 48784 - CI test: added test cases for ticket 48784
  - Ticket 48784 - Make the SSL version set to the client library
    configurable.
  - Ticket 48798 - Enable DS to offer weaker DH params in NSS
  - Ticket 48799 - objectclass values could be dropped on the
    consumer
  - Ticket 48800 - Cleaning up error buffers
  - Ticket 48801 - ASAN errors during tests
  - Ticket 48802 - Compilation warnings from clang
  - Ticket 48808 - Add test case
  - Ticket 48808 - Paged results search returns the blank list of
    entries
  - Ticket 48813 - password history is not updated when an admin
    resets the password
  - Ticket 48815 - ns-accountstatus.sh does handle DN’s with single
    quotes
  - Ticket 48818 - In docker, no one can hear your process hang.
  - Ticket 48822 - (389-ds-base-1.3.5) Fixing coverity issues.
  - Ticket 48824 - Cleanup rpm.mk and 389 specfile
- enable nunc-stans

-------------------------------------------------------------------
Fri Apr 29 00:51:36 UTC 2016 - mrueckert@suse.de

- should also define the username

-------------------------------------------------------------------
Fri Apr 29 00:27:43 UTC 2016 - mrueckert@suse.de

- fix building systemd stuff
- create user and home directory for it

-------------------------------------------------------------------
Thu Apr 14 01:52:13 UTC 2016 - mrueckert@suse.de

- limit gcc_security to TW. it enables compiler options not
  supported on leap e.g.

-------------------------------------------------------------------
Thu Apr 14 01:41:49 UTC 2016 - mrueckert@suse.de

- enable more gcc security features
- enable selinux
- fix the systemd options to actually pass some variable and also
  set the tmpfiles path

-------------------------------------------------------------------
Thu Apr 14 01:23:51 UTC 2016 - mrueckert@suse.de

- update to 1.3.5.1
  - Ticket 47982 - improve timestamp resolution in logs
  - Ticket 48759 - no plugin calls in tombstone purging
  - Ticket 48665 - Prevent sefault in
    ldbm_instance_modify_config_entry
  - Ticket 48757 - License tag does not match actual license of
    code
  - Ticket 48746 - Crash when indexing an attribute with a matching
    rule
  - Ticket 48497 - extended search without MR indexed attribute
    prevents later indexing with that MR
  - Ticket 48368 - Resolve the py.test conflicts with the
    create_test.py issue
  - Ticket 48748 - Fix memory_leaks test suite teardown failure
  - Ticket 48383 - import tasks with dynamic buffer sizes
  - Ticket 48420 - change severity of some messages related to
    "keep alive" entries
  - Ticket 48386 - Clean up dsktune code
  - Ticket 48537 - undefined reference to `abstraction_increment'
  - Ticket 48747 - dirsrv service fails to start when
    nsslapd-listenhost is configured
- changes from 1.3.5.0
  - Ticket 132   - Makefile.am must include header files and
    template scripts
  - Ticket 142   - [RFE] Default password syntax settings don't
    work with fine-grained policies
  - Ticket 548   - RFE: Allow AD password sync to update
    shadowLastChange
  - Ticket 47788 - Only check postop result if its a replication
    operation
  - Ticket 47840 - add configure option to disable instance
    specific scripts
  - Ticket 47968 - [RFE] Send logs to journald
  - Ticket 47977 - [RFE] Implement sd_notify mechanism
  - Ticket 48016 - search, matching rules and filter error
    "unsupported type 0xA9"
  - Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the
    status of the directory server instance.
  - Ticket 48145 - RFE Add log file for rejected changes
  - Ticket 48147 - Unable to enable DS service for auto start
  - Ticket 48151 - Improve CleanAllRUV task logging
  - Ticket 48218 - cleanAllRUV - modify the existing "force" option
    to bypass the "replica online" checks
  - Ticket 48244 - No validation check for the value for
    nsslapd-db-locks.
  - Ticket 48257 - Fix coverity issues - 08/24/2015
  - Ticket 48263 - allow plugins to detect tombstone operations
  - Ticket 48269 - RFE: need an easy way to detect locked accounts
    locked by inactivity.
  - Ticket 48270 - fail to index an attribute with a specific
    matching rule/48269
  - Ticket 48280 - enable logging of internal ops in the audit log
  - Ticket 48285 - The dirsrv user/group should be created in rpm
    %pre, and ideally with fixed uid/gid
  - Ticket 48289 - 389-ds-base: ldclt-bin killed by SIGSEGV
  - Ticket 48290 - No man page entry for - option '-u' of dbgen.pl
    for adding group entries with uniquemembers
  - Ticket 48294 - Linked Attributes plug-in - won't update links
    after MODRDN operation
  - Ticket 48295 - Entry cache is not rolled back -- Linked
    Attributes plug-in - wrong behaviour when adding valid and
    broken links
  - Ticket 48311 - nunc-stans: Attempt to release connection that
    is not acquired
  - Ticket 48317 - SELinux port labeling retry attempts are
    excessive
  - Ticket 48326 - [RFE] it could be nice to have
    nsslapd-maxbersize default to bigger than 2Mb
  - Ticket 48350 - configure.ac add options for debbuging and
    security analysis / hardening.
  - Ticket 48351 - Fix buffer overflow error when reading url with
    len 0
  - Ticket 48363 - Support for rfc3673 '+' to return operational
    attributes
  - Ticket 48369 - [RFE] response control for password age should
    be sent by default by RHDS
  - Ticket 48384 - Server startup should warn about values
    consuming too much ram
  - Ticket 48387 - ASAN invalid read in cos_cache.c
  - Ticket 48394 - lower password history minimum to 1
  - Ticket 48395 - ASAN - Use after free in uiduniq 7bit.c
  - Ticket 48398 - Coverity defect 13352 - Resource leak in
    auditlog.c
  - Ticket 48400 - ldclt - segmentation fault error while binding
  - Ticket 48445 - keep alive entries can break replication
  - Ticket 48446 - logconv.pl displays negative operation speeds
  - Ticket 48566 - acl.c attrFilterArray maybe uninitialised.
  - Ticket 48662 - db2index with no attribute args fail.

-------------------------------------------------------------------
Tue Mar  1 16:39:06 UTC 2016 - claes.backstrom@opensuse.org

- Update to new upstream release 1.3.4.8
  * Various bugs are fixed 

-------------------------------------------------------------------
Fri Nov 20 10:49:42 UTC 2015 - aj@ajaissle.de

- Update to new upstream release 1.3.4.5
  * Various bugs are fixed

-------------------------------------------------------------------
Mon Sep 14 08:50:01 UTC 2015 - hguo@suse.com

- Upgrade from 1.3.3.13 to 1.3.4.4 with accumulated bugfixes.

-------------------------------------------------------------------
Wed Sep  9 11:07:09 UTC 2015 - aj@ajaissle.de

- Update to new upstream release 1.3.3.13
- Removed 389-ds-1.3.3.11-CVE-2015-3230.patch (included upstream)

-------------------------------------------------------------------
Wed Jun 17 09:38:48 UTC 2015 - aj@ajaissle.de

- Update to new upstream release 1.3.3.11
- Added 389-ds-1.3.3.11-CVE-2015-3230.patch:
  nsSSL3Ciphers preference not enforced on server side
  [boo#934934] [CVE-2015-3230]

-------------------------------------------------------------------
Wed Apr 29 10:17:58 UTC 2015 - aj@ajaissle.de

- Update to new upstream release 1.3.3.10
  * One important security bug was fixed:
    Bug 1216203 - CVE-2015-1854 389ds-base: access control bypass with modrdn

-------------------------------------------------------------------
Wed Apr 15 09:05:08 UTC 2015 - jengelh@inai.de

- Simplify filelist

-------------------------------------------------------------------
Mon Apr 13 19:30:00 UTC 2015 - aj@ajaissle.de

- Move bin/ and sbin/ to /usr/lib/389-ds/bin resp. sbin/
- Removed conflict with atheme

-------------------------------------------------------------------
Sat Mar 28 10:34:43 UTC 2015 - aj@ajaissle.de

- Update to new upstream release 1.3.3.9
  * Several bugs are fixed including 2 security bugs
    Bug 1199675 - CVE-2014-8112 CVE-2014-8105 389-ds-base: various flaws [fedora-all]
    Ticket 47431 - Duplicate values for the attribute nsslapd-pluginarg are not handled correctly
    Ticket 47451 - dynamic plugins - fix crash caused by invalid plugin config
    Ticket 47728 - compilation failed with ' incomplete struct/union/enum' if not set USE_POSIX_RWLOCKS
    Ticket 47742 - 64bit problem on big endian: auth method not supported
    Ticket 47801 - RHDS keeps on logging write_changelog_and_ruv: failed to update RUV for unknown
    Ticket 47828 - DNA scope: allow to exlude some subtrees
    Ticket 47836 - Do not return '0' as empty fallback value of nsds5replicalastupdatestart and nsds5replicalastupdatestart
    Ticket 47901 - After total init, nsds5replicaLastInitStatus can report an erroneous error status (like 'Referral')
    Ticket 47936 - Create a global lock to serialize write operations over several backends
    Ticket 47957 - Make ReplicaWaitForAsyncResults configurable
    Ticket 48001 - ns-activate.pl fails to activate account if it was disabled on AD
    Ticket 48003 - add template scripts
    Ticket 48003 - build "suite" framework
    Ticket 48005 - ns-slapd crash in shutdown phase
    Ticket 48021 - nsDS5ReplicaBindDNGroup checkinterval not working properly
    Ticket 48027 - revise the rootdn plugin configuration validation
    Ticket 48030 - spec file should run "systemctl stop" against each running instance instead of dirsrv.target
    Ticket 48048 - Fix coverity issues - 2015/2/24
    Ticket 48048 - Fix coverity issues - 2015/3/1
    Ticket 48109 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*)

-------------------------------------------------------------------
Wed Dec 24 21:05:17 UTC 2014 - aj@ajaissle.de

- Conflicts with atheme -- /usr/sbin/dbverify

-------------------------------------------------------------------
Tue Dec  9 15:41:21 UTC 2014 - aj@ajaissle.de

- Update to new upstream release 1.3.3.5
* Several bugs are fixed.

-------------------------------------------------------------------
Tue Sep  9 09:50:20 UTC 2014 - aj@ajaissle.de

- Update to new upstream release 1.3.3.0
* First cut of 389-ds-base-1.3.3.x

-------------------------------------------------------------------
Fri Aug 29 10:38:51 UTC 2014 - aj@ajaissle.de

- Update to new upstream release 1.3.2.23
* Various bugs were fixed

- Highlights since 1.3.2.16:
* Important bugs including memory leaks and crash bugs were fixed
  (1.3.2.17)
* Various bugs were fixed (1.3.2.18)
* Various bugs were fixed (1.3.2.19)
* A security bug was fixed (1.3.2.22)

-------------------------------------------------------------------
Thu Mar 27 12:20:23 UTC 2014 - aj@ajaissle.de

- Update to new upstream release 1.3.2.16
* Directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind 
* Create a normalized dn cache
* Replication retry time attributes cannot be added
* Empty control list causes LDAP protocol error is thrown (dup 47361)
* Failed to compile the DS 389 1.3.2.3 version against Berkeley DB 4.2 version
* Windows Sync group issues
* Size returned by slapi_entry_size is not accurate
* Single valued attribute replicated ADD does not work
* Environment variables are not passed when DS is started via service
* Propagate plugin precedence to all registered function types
* Unresolved external symbol references break loading of the ACL plugin
* Package issue in 389-ds-base

- Fix unresolveable 'Requires:'
* perl(Mozilla:LDAP) -> perl(Mozilla::LDAP::API), perl(Mozilla::LDAP::Conn),
  perl(Mozilla::LDAP::Entry), perl(Mozilla::LDAP::LDIF), perl(Mozilla::LDAP::Utils)
* cyrus-sasl-md5 -> cyrus-sasl-digestmd5

- Macros for dirsrv-snmp in pre/post/preun/postun

-------------------------------------------------------------------
Mon Feb 17 08:59:04 UTC 2014 - aj@ajaissle.de

- Update to new upstream release 1.3.2.11
* Enhancement: ACL supports new keyword SELFDN as in "<userattr> =
  <attribute>#SELFDN" to allow users to create entries assigned to
  themselves. Also handling subtype in ACL is improved.
* A dozen of bugs are fixed including a crash bug and a deadlock. 

- Spec cleanup
* enable init scripts for openSUSE < 1220 (e.g. SLES)
* dirsrv.target.wants goes into unitdir
* Added a 389-ds-rpmlintrc

- Added 389-ds-base-1.3.2.11_init_fhs.patch
* Make init scripts LSB conform

-------------------------------------------------------------------
Fri Dec 27 02:28:55 UTC 2013 - jengelh@inai.de

- Update to new upstream release 1.3.2.10
* Suffixes used in the memberof and referential integrity plug-ins
  are now configurable.
* The hard-coded limit of 64 masters was removed.
* Enhancements: plug-in library path validation, replication
  logging, changelog trimming interval, and referential integrity.

-------------------------------------------------------------------
Fri Aug  2 10:05:12 UTC 2013 - jengelh@inai.de

- Update to new upstream release 1.3.1.5
* Plug-in transaction support
* Normalized DN cache
* Configurable allowed SASL mechanisms
* SASL mapping improvements
* Configurable SASL buffer
* Replication retry settings
* Instance script improvements
* Access log analyzer improvements
* Performance improvements 

-------------------------------------------------------------------
Mon Mar 11 11:47:45 UTC 2013 - jengelh@inai.de

- Update to new upstream release 1.3.0.3
* No NEWS file available; SCM changelog entries at
  http://port389.org/wiki/Releases/1.3.0.2#New_features_.2F_Fixed_bugs_in_1.3.0

-------------------------------------------------------------------
Wed Sep 26 11:06:01 UTC 2012 - jengelh@inai.de

- Update to new upstream release 1.2.11.15
* This is a bugfix release to CLEANALLRUV, userpassword,
  schema reloading and others.

-------------------------------------------------------------------
Mon Sep 17 09:26:12 UTC 2012 - jengelh@inai.de

- Initial package (version 1.2.11.12) for build.opensuse.org
openSUSE Build Service is sponsored by