File 389-ds.changes of Package 389-ds.34117

-------------------------------------------------------------------
Tue Feb 13 03:08:49 UTC 2024 - william.brown@suse.com

- bsc#1219836 - CVE-2024-1062 - #5647 - resolve possible denial of service when audit
  logging is enabled
- Update to version 2.2.8~git65.347aae6:
  * Issue 6052 - Paged results test sets hostname to `localhost` on test collection
  * Issue 6061 - Certificate lifetime displayed as NaN
  * Issue 6043, 6044 - Enhance Rust and JS bundling and add SPDX licenses for both (#6045)
  * Issue 3555 - Remove audit-ci from dependencies (#6056)
  * Issue 5647 - Fix unused variable warning from previous commit (#5670)
  * issue 5647 - covscan: memory leak in audit log when adding entries (#5650)
  * Issue 6047 - Add a check for tagged commits
  * Issue 6041 - dscreate ds-root - accepts relative path (#6042)
  * Issue 6034 - Change replica_id from str to int
  * Issue 5938 - Attribute Names changed to lowercase after adding the Attributes (#5940)
  * Issue 5870 - ns-slapd crashes at startup if a backend has no suffix (#5871)
  * Issue 5939 - During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it (#6007)
  * Issue 5944 - Reversion of the entry cache should be limited to BETXN plugin failures (#5994)
  * Issue 5954 - Disable Transparent Huge Pages

-------------------------------------------------------------------
Wed Nov 29 00:07:54 UTC 2023 - william.brown@suse.com

- bsc#1217581 - Replica ID cannot be specified for consumer and hub roles
- Update to version 2.2.8~git51.3688d68:
  * Issue 5984 - Crash when paged result search are abandoned - fix2 (#5987)
  * Issue 5984 - Crash when paged result search are abandoned (#5985)
  * Issue 5971 - CLI - Fix password prompt for repl status (#5972)
  *  Issue 5956 - After an upgrade the server won't start - nsslapd-connta…  …blesize (#5963)
  * Issue 3555 - UI - Fix audit issue with npm - babel/traverse (#5959)
  * Issue 5966 - CLI - Custom schema object is removed on a failed edit (#5967)
  * Issue 5956 - After an upgrade the server won't start - nsslapd-conntablesize (#5957)
  * issue 5924 - ASAN server build crash when looping opening/closing connections (#5926)
  * Issue 5848 - Fix condition and add a CI test (#5916)
  * Issue 5909 - Multi listener hang with 20k connections (#5917)
  * Issue 5853 - Revert MSRV check (#5908)
  * Issue 5722 - improve testcase (#5904)
  * Bug Description:
  * Issue 5858 - WebUI monitoring test fails to run

-------------------------------------------------------------------
Tue Aug 15 04:08:16 UTC 2023 - william.brown@suse.com

- bsc#1212726 - SSSD client performance improvements
- Update to version 2.2.8~git37.fdb3bae:
  * Issue 5082 - slugify: ModuleNotFoundError when running test cases
  * Issue 4551 - Part 2 - Fix build warning of previous PR (#5888)
  * Issue 5834 - AccountPolicyPlugin erroring for some users (#5866)
  * Issue 5872 - part 2 - fix is_dbi regression (#5887)
  * Issue 5804 - dtablesize being set to soft maxfiledescriptor limit (#5806)
  * Issue 5848 - dsconf should prevent setting the replicaID for hub and consumer roles (#5849)
  * Issue 5883 - Remove connection mutex contention risk on autobind (#5886)
  * Issue 5872 - `dbscan()` in lib389 can return bytes
  * Bump version to 2.2.9
  * Issue 5729 - Memory leak in factory_create_extension (#5814)
  * Issue 5877 - test_basic_ldapagent breaks test_setup_ds_as_non_root* tests
  * Issue 5853 - Update Cargo.lock and fix minor warning (#5854)
  * Issue 5867 - lib389 should use filter for tarfile as recommended by PEP 706 (#5868)
  * Issue 5864 - Server fails to start after reboot because it's unable to access nsslapd-rundir
  * Issue 5856 - SyntaxWarning: invalid escape sequence '\,'
  * Issue 5859 - dbscan fails with AttributeError: 'list' object has no attribute 'extends'

-------------------------------------------------------------------
Fri Jul 21 04:20:07 UTC 2023 - william.brown@suse.com

- bsc#1212726 - SSSD client performance improvements
- Update to version 2.2.8~git21.c11e86f:
  * Issue 4551 - Paged search impacts performance (#5838)
  * Issue 4169 - UI - Fix retrochangelog and schema Typeaheads (#5837)
  * issue 5833 - dsconf monitor backend fails on lmdb (#5835)
  * Issue 3555 - UI - Fix audit issue with npm - semver and word-wrap

-------------------------------------------------------------------
Tue Jul 11 01:55:15 UTC 2023 - william.brown@suse.com

- bsc#1213190 - update for stability patches
- Update to version 2.2.8~git17.48834f1:
  * Issue 5752 - RFE - Provide a history for LastLoginTime (#5807)
  * Issue 5793 - UI - fix suffix selection in export modal
  * Issue 5825 - healthcheck - password storage scheme warning needs more info
  * Issue #5822 - Allow empty export path for db2ldif
  * Issue 5755 - Massive memory leaking on update operations (#5824)
  * Issue 5551 - Almost empty and not loaded ns-slapd high cpu load
  * Issue 5722 - RFE When a filter contains 'nsrole', improve response time by rewriting the filter (#5723)
  * Issue 5755 - The Massive memory leaking on update operations (#5803)
  * Issue 5752 - CI - Add more tests for lastLoginHistorySize RFE (#5802)
  * Issue 2375 - CLI - Healthcheck - revise and add new checks
  * Issue 5781 - Bug handling return code of pre-extended operation plugin.
  * Issue 5646 - Various memory leaks (#5725)
  * Issue 5789 - Improve ds-replcheck error handling

-------------------------------------------------------------------
Tue May 30 00:29:53 UTC 2023 - william.brown@suse.com

- bsc#1211812 - update for stability patches
- Update to version 2.2.8~git4.1eeaedf:
  * Issue 5642 - Build fails against setuptools 67.0.0
  * Issue 5778 - UI - Remove error message if .dsrc is missing
  * Issue 5751 - Cleanallruv task crashes on consumer (#5775)
  * Issue 5743 - Disabling replica crashes the server (#5746)
  * Bump version to 2.2.8
  * Issue 5752 - RFE - Provide a history for LastLoginTime (#5753)
  * Issue 5770 - RFE - Extend Password Adminstrators to allow skipping password info updates
  * Issue 5768 - CLI/UI - cert checks are too strict, and other issues
  * Issue 5765 - Improve installer selinux handling
  * Issue 5643 - Memory leak in entryrdn during delete (#5717)
  * Issue 152 - RFE - Add support for LDAP alias entries
  * Issue 5052 - BUG - Custom filters prevented entry deletion (#5060)
  * Issue 5704 - crash in sync_refresh_initial_content (#5720)
  * Issue 5738 - RFE - UI - Read/write replication monitor info to .dsrc file
  * Issue 5749 - RFE - Allow Account Policy Plugin to handle inactivity and expiration at the same time
  * Bump version to 2.2.7

-------------------------------------------------------------------
Fri Apr 21 00:36:40 UTC 2023 - william.brown@suse.com

- bsc#1210462 - OpenLDAP to 389-ds migration - exclude some unsupported attributes.
- Update to version 2.2.6~git40.002a0ca:
  * Issue 5734 - RFE - Exclude pwdFailureTime and ContextCSN (#5735)
  * Issue 5726 - ns-slapd crashing in ldbm_back_upgradednformat (#5727)
  * Issue 5714 - UI - fix typo, db settings, log settings, and LDAP editor paginations
  * Issue 5710 - subtree search statistics for index lookup does not report ancestorid/entryrdn lookups (#5711)
  * Issue 1081 - Stop schema replication from overwriting x-origin
  * Bump webpack from 5.75.0 to 5.76.0 in /src/cockpit/389-console (#5699)
  * Issue 5598 - (3rd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5692)
  * Issue 5598 - (2nd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5691)
  * Issue 5687 - UI - sensitive information disclosure
  * Issue 4583 - Update specfile to skip checks of ASAN builds
  * Issue 5550 - dsconf monitor crashes with Error math domain error (#5553)
  * Issue 3604 - UI - Add support for Subject Alternative Names in CSR
  * Issue 5600 - buffer overflow when enabling sync repl plugin when dynamic plugins is enabled
  * Fix build break
  * Issue 5640 - Update logconv for new logging format
  * Issue 5545 - A random crash in import over lmdb (#5546)
  * Issue 5490 - tombstone in entryrdn index with lmdb but not with bdb (#5498)
  * Issue 5408: lmdb import is slow (#5481)
  * Issue 5162 - CI - fix error message for invalid pem file
  * Issue 5598 - In 2.x, SRCH throughput drops by 10% because of handling of referral (#5604)
  * Issue 5671 - covscan - clang warning (#5672)
  * Issue 5267 - CI - Fix issues with nsslapd-return-original-entrydn
  * Issue 5666 - CLI - Add timeout parameter for tasks
  * Issue 5567 - CLI - make ldifgen use the same default ldif name for all options
  * Issue 5162 - Lib389 - verify certificate type before adding
  * Issue 5630 - CLI - need to add logging filter for stdout
  * Issue 5646 - CLI/UI - do not hardcode password storage schemes
  * Issue 5640 - Update logconv for new logging format
  * Issue 5652 - Libasan crash in replication/cascading_test (#5659)
  * Issue 5658 - CLI - unable to add attribute with matching rule
  * Issue 5653 - covscan - fix invalid dereference
  * Issue 5648 - Covscan - Compiler warnings (#5651)
  * Issue 5630 - CLI - error messages should goto stderr
  * Issue 2435 - RFE - Raise IDL Scan Limit to INT_MAX (#5639)
  * Issue 5632 - CLI - improve error handling with db2ldif
  * Issue 5578 - dscreate ds-root does not normaile paths (#5613)
  * Issue 5560 - dscreate run by non superuser set defaults requiring superuser privilege (#5579)
  * Issue 5624 - RFE - UI - export certificates, and import text base64 encoded certificates
  * Issue 4293 - RFE - CLI - add dsrc options for setting user and group subtrees
  * Issue 5497 - boolean attributes should be case insensitive
  * Bump version to 2.2.6
  * Issue 5607, 5351, 5611 - UI/CLI - fix various issues
  * Issue 5608 - UI - need to replace some "const" with "let"
  * Issue 3604 - Create a private key/CSR with dsconf/Cockpit (#5584)
  * Issue 5602 - UI - browser crash when trying to modify read-only variable
  * Issue 5581 - UI - Support cockpit dark theme

-------------------------------------------------------------------
Wed Jan 11 01:51:45 UTC 2023 - william.brown@suse.com

- bsc#1205996 - prevent segfault in cl5configtrim
- Update to version 2.2.4~git25.c81ee34:
  * Issue 5593 - CLI - dsidm account subtree-status fails with TypeError
  * Issue 5591 - BUG - Segfault in cl5configtrim with invalid confi (#5592)
  * Fix latest npm audit failures
  * Issue 5599 - CI - webui tests randomly fail
  * Issue 5348 - RFE - CLI - add functionality to do bulk updates to entries

-------------------------------------------------------------------
Fri Jan 06 01:29:49 UTC 2023 - william.brown@suse.com

- bsc#1206563 - improve pam_saslauthd migration handling from openldap
- Update to version 2.2.4~git20.7eba9b9:
  * Issue 5526 - RFE - Improve saslauthd migration options (#5528)
  * Issue 5588 - Fix CI tests
  * Issue 5585 - lib389 password policy DN handling is incorrect (#5587)
  * Issue 5521 - UI - Update plugins for new split PAM and LDAP pass thru auth
  * Bump version to 2.2.5
  * Issue 5236 - UI add specialized group edit modal
  * Issue 5278 - CLI - dsidm asks for the old password on password reset
  * Issue 5531 - CI - use universal_lines in capture_output
  * Issue 5505 - Fix compiler warning (#5506)
  * Issue 3615 - CLI - prevent virtual attribute indexing
  * Issue 5413 - Allow mutliple MemberOf fixup tasks with different bases/filters
  * Issue 5561 - Nightly tests are failing

-------------------------------------------------------------------
Tue Dec 06 02:25:05 UTC 2022 - william.brown@suse.com

- bsc#1205974 - support pam_saslauthd for authentication pass through
  requirements. See also jsc#PED-2701
- Update to version 2.2.4~git8.8a6e7be:
  * Issue 5521 - RFE - split pass through auth cli
  * Issue 5521 - BUG - Pam PTA multiple issues
  * Issue 5544 - Increase default task TTL

-------------------------------------------------------------------
Wed Nov 23 22:50:51 UTC 2022 - william.brown@suse.com

- Update to version 2.2.4~git5.d25f9eb:
  * Issue 5541 - Fix typo in `lib389.cli_conf.backend._get_backend` (#5542)
  * Issue 5539 - Make logger's parameter name unified (#5540)
  * Issue 3729 - (cont) RFE Extend log of operations statistics in access log (#5538)
  * Issue 5534 - Fix a rebase typo (#5537)
  * Issue 5534 - Add copyright text to the repository files
  * Bump version to 2.2.4
  * Issue 5532 - Make db compaction TOD day more robust.
  * Issue 3729 - RFE Extend log of operations statistics in access log (#5508)
  * Issue 5529 - UI - Fix npm vulnerability in loader-utils
  * Issue 3555 - UI - fix audit issue with npm loader-utils (#5514)
  * Issue 5162 - Fix dsctl tls ca-certfiicate add-cert arg requirement
  * Issue 5510 - remove twalk_r dependency to build on RHEL8 (#5516)
  * Issue 5162 - RFE - CLI allow adding CA certificate bundles
  * Issue 5440 - memberof is slow on update/fixup if there are several 'groupattr' (#5455)
  * Issue 5512 - BUG - skip pwdPolicyChecker OC in migration (#5513)
  * Issue 5429 - healthcheck - add checks for MemberOf group attrs being indexed
  * Issue 5502 - RFE - Add option to display entry attributes in audit log
  * Issue 5495 - BUG - Minor fix to dds skip, inconsistent attrs caused errors (#5501)
  * Issue 5367 - RFE - store full DN in database record

-------------------------------------------------------------------
Fri Oct 21 03:34:30 UTC 2022 - william.brown@suse.com

- Update to version 2.2.3~git20.b1ed566:
  * Issue 5495 - RFE - skip dds during migration. (#5496)
  * Issue 5491 - UI - Add rework and finish jpegPhoto functionality (#5492)
  * Issue 5368 - Retro Changelog trimming does not work (#5486)
  * Issue 5487 - Fix various issues with logconv.pl
  * Issue 5482 - lib389 - Can not enable replication with a mixed case suffix
  * Issue 5478 - Random crash in connection code during server shutdown (#5479)
  * Issue 3061 - RFE - Add password policy debug log level
  * Issue 4324 - Revert recursive pthread mutex usage in factory.c
  * Issue 5262 - high contention in find_entry_internal_dn on mixed load (#5264)
  * Issue 4324 - Revert recursive pthread mutex change (#5463)

-------------------------------------------------------------------
Fri Oct 21 03:08:36 UTC 2022 - william.brown@suse.com

- bsc#1204493 - Improve reliability of migrations from openldap when dynamic directory services
  is configured.
- Update to version 2.0.16~git52.76ecbe1:
  * Issue 5495 - RFE - skip dds during migration. (#5496)
  * Issue 5491 - UI - Add rework and finish jpegPhoto functionality (#5492)
  * Issue 5368 - Retro Changelog trimming does not work (#5486)
  * Issue 5487 - Fix various issues with logconv.pl
  * Issue 5482 - lib389 - Can not enable replication with a mixed case suffix
  * Issue 4776 - Fix entryuuid fixup task (#5483)
  * Issue 5356 - Update Cargo.lock and bootstrap PBKDF2-SHA512 (#5480)
  * Issue 3061 - RFE - Add password policy debug log level
  * Issue 5462 - RFE - add missing default indexes (#5464)
  * Issue 4324 - Revert recursive pthread mutex usage in factory.c

-------------------------------------------------------------------
Mon Sep 26 05:52:46 UTC 2022 - william.brown@suse.com

- bsc#1194119 - CVE-2021-45710 - tokio data race with memory corruption
- Update to version 2.0.16~git37.9a47b3d2:
  * Revert "Issue 5446 - Fix some covscan issues (#5451)"
  * Issue 5254 - dscreate create-template regression due to 5a3bdc336 (#5255)
  * Issue 5271 - Serialization of pam_passthrough causing high etimes (#5272)
  * Issue 5453 - UI/CLI - Changing Root DN breaks UI
  * Issue 5446 - Fix some covscan issues (#5451)
  * Issue 5294: Report Portal 5 is not processing an XML file with (#5358)
  * Issue 4588 - Gost yescrypt may fail to build on some older versions of glibc
  * Issue 4308 - checking if an entry is a referral is expensive
  * Issue 5447 - UI - add NDN max cache size to UI
  * Issue 5443 - UI - disable save button while saving
  * Issue 5077 - UI - Add retrocl exclude attribute functionality (#5078)

-------------------------------------------------------------------
Tue Aug 23 01:50:22 UTC 2022 - william.brown@suse.com

- bsc#1202470 - CVE-2022-2850 - Resolve sync repl crash during invalid cookie handling
- Update to version 2.0.16~git20.219f047ae:
  * Issue #5423 - Fix missing 'not' in description
  * Issue 5421 - CI - makes replication/acceptance_test.py::test_modify_entry more robust (#5422)
  * Issue 3903 - fix repl keep alive event interval
  * Issue 5418 - Sync_repl may crash while managing invalid cookie (#5420)
  * Issue 5415 - Hostname when set to localhost causing failures in other tests
  * Issue 5412 - lib389 - do not set backend name to lowercase
  * Issue 3903 - keep alive update event starts too soon
  * Issue 5397 - Fix various memory leaks
  * Issue 5399 - UI - LDAP Editor is not updated when we switch instances (#5400)
  * Issue 3903 - Supplier should do periodic updates

-------------------------------------------------------------------
Tue Aug 02 04:30:18 UTC 2022 - william.brown@suse.com

- bsc#1197998 - Update sudoers schema to support UTF-8
- Update to version 2.0.16~git9.e2a858a86:
  * Issue 5386 - BUG - Update sudoers schema to correctly support UTF-8 (#5387)
  * Issue 5383 - UI - Various fixes and RFE's for UI
  * Issue 4656 - Remove problematic language from source code
  * Issue 5380 - Separate cleanAllRUV code into new file
  * Issue 5322 - optime & wtime on rejected connections is not properly set
  * Issue 5375 - CI - disable TLS hostname checking
  * Issue 5373 - dsidm user get_dn fails with search_ext() argument 1 must be str, not function
  * Issue 5371 - Update npm and cargo packages
  * Issue 3069 - Support ECDSA private keys for TLS (#5365)
  * Bump version to 2.0.16

-------------------------------------------------------------------
Wed Jun  8 05:48:39 UTC 2022 - William Brown <william.brown@suse.com>

- Changelog fix - bsc#1195324 - CVE-2021-4091 - double free in psearch

-------------------------------------------------------------------
Tue May 31 01:25:48 UTC 2022 - william.brown@suse.com

- bsc#1199889 - CVE-2022-1949 - full access control bypass with simple crafted query, resolved
  by Issue 5170.
- Update to version 2.0.15~git26.1ea6a6803:
  * Issue 5302 - Release tarballs don't contain cockpit webapp
  * Issue 5237 - audit-ci: Cannot convert undefined or null to object
  * Issue 5170 - BUG - ldapsubentries were incorrectly returned (#5285)
  * Issue 4970 - Add support for recursively deleting subentries
  * Issue 5284 - Replication broken after password change (#5286)
  * Issue 5291 - Harden ReplicationManager.wait_for_replication (#5292)
  * Issue 5279 - dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int'
  * Issue 5170 - RFE - Filter optimiser (#5171)
  * Issue 5276 - CLI - improve task handling
  * Issue 5273 - CLI - add arg completer for instance name

-------------------------------------------------------------------
Tue May 03 01:47:13 UTC 2022 - william.brown@suse.com

- Resolve bsc#1199008 - An incorrectly backported fix would cause dscontainer not to start
  due to a missing function definition
- Update to version 2.0.15~git17.498ec3e93:
  * Issue 5273 - CLI - add arg completer for instance name
  * Issue 2893 - CLI - dscreate - add options for setting up replication
  * Issue 4866 - CLI - when enabling replication set changelog trimming by default
  * Issue 5241 - UI - Add account locking missing functionality (#5251)
  * Issue 5180 - snmp_collator tries to unlock NULL mutex (#5266)
  * Issue 5098 - Fix cherry-pick error
  * Fix cherry-pick error
  * Issue 4904 - Fix various small issues
  * Issue 5260 - BUG - OpenLDAP allows multiple names of memberof overlay (#5261)
  * Issue 5252 - During DEL, vlv search can erroneously return NULL candidate (#5256)
  * Issue 5210 - Python undefined names in lib389
  * Issue 4959 - BUG - Invalid /etc/hosts setup can cause isLocalHost (#4960)
  * Issue 5249 - dscontainer: ImportError: cannot import name 'get_default_db_lib' from 'lib389.utils'

-------------------------------------------------------------------
Thu Mar 31 04:41:36 UTC 2022 - william.brown@suse.com

- Resolve bsc#1197275 - CVE-2022-0918 - Crafted message may cause DoS
- Update to version 2.0.15~git4.f46ab49c9:
  * Issue 5242- Craft message may crash the server (#5243)
  * Issue 5234 - UI - rename Users and Groups tab
  * Issue 5217 - Simplify instance creation and administration by non root user (#5224)
  * Issue 5227 - UI - No way to move back to Get Started step (#5233)
  * Bump version to 2.0.15
  * Issue 5230 - Race condition in RHDS disk monitoring functions
  * Issue 4299 - UI - Add CoS funtionality (#5196)
  * Issue 5225 - UI - impossible to manually set entry cache
  * Issue 5186 - UI - Fix SASL Mapping regex test feature
  * Issue 5221 - User with expired password can still login with full privledges

-------------------------------------------------------------------
Tue Mar 22 00:21:35 UTC 2022 - william.brown@suse.com

- Resolve bsc#1197345 - CVE-2022-0996 - Mishandling of password expiry
- Update to version 2.0.14~git25.e6431d959:
  * Issue 5221 - User with expired password can still login with full privledges
  * Issue 5218 - double-free of the virtual attribute context in persistent search (#5219)
  * Issue 5200 - dscontainer should use environment variables with DS_ prefix
  * Issue 5193 - Incomplete ruv occasionally returned from ruv search (#5194)
  * Issue 5189 - memberOf plugin exclude subtree not cleaning up groups on modrdn
  * Issue 5188 - UI - LDAP editor - add entry and group types
  * Issue 5184 - memberOf does not work correctly with multiple include scopes
  * Issue 5162 - BUG - error on importing chain files (#5164)
  * Issue 5186 - UI - Fix SASL Mapping regex validation and other minor improvements
  * Issue 5048 - Support for nsslapd-tcp-fin-timeout and nsslapd-tcp-keepalive-time (#5179)

-------------------------------------------------------------------
Tue Feb 22 00:20:18 UTC 2022 - william.brown@suse.com

- fixes bsc#1196425
- jsc#SLE-22585 - Support running with bare uid/gid (non-root) in containers.
- Update to version 2.0.14~git12.d04ffd4b6:
  * Issue 5102 - BUG - container may fail with bare uid/gid (#5140)
  * Issue 5137 - RFE - improve sssd conf output (#5138)
  * Issue 5145 - Fix covscan errors
  * Issue 4721 - UI - attribute uniqueness crashes UI when there are no configs
  * Issue 5155 - RFE - Provide an option to abort an Auto Member rebuild task
  * Issue 4299 - UI - Add Role funtionality (#5163)
  * Issue 5050 - bdb bulk op fails if fs page size > 8K (#5150)
  * Issue 4775 - Add entryuuid CLI and Fixup (#4776)
  * Issue 5142 - CLI - dsctl dbgen is broken
  * Issue 4299 - UI - fix minor issues with ldap editor (table view)

-------------------------------------------------------------------
Tue Feb 22 00:20:18 UTC 2022 - william.brown@suse.com

- jsc#SLE-22585 - Support running with bare uid/gid (non-root) in containers.
- Update to version 2.0.14~git12.d04ffd4b6:
  * Issue 5102 - BUG - container may fail with bare uid/gid (#5140)
  * Issue 5137 - RFE - improve sssd conf output (#5138)
  * Issue 5145 - Fix covscan errors
  * Issue 4721 - UI - attribute uniqueness crashes UI when there are no configs
  * Issue 5155 - RFE - Provide an option to abort an Auto Member rebuild task
  * Issue 4299 - UI - Add Role funtionality (#5163)
  * Issue 5050 - bdb bulk op fails if fs page size > 8K (#5150)
  * Issue 4775 - Add entryuuid CLI and Fixup (#4776)
  * Issue 5142 - CLI - dsctl dbgen is broken
  * Issue 4299 - UI - fix minor issues with ldap editor (table view)

-------------------------------------------------------------------
Tue Jan 25 01:34:10 UTC 2022 - william.brown@suse.com

- Update to version 2.0.13~git1.72eb93ac9:
  * Issue 5129 - BUG - Incorrect fn signature in add_index (#5130)
  * Bump version to 2.0.13
  * Issue 5132 - Update Rust crate lru to fix CVE
  * Issue 3555 - UI - fix audit issue with npm nanoid
  * Issue 4299 - UI - Add ACI editing features
  * Issue 4299 - UI LDAP editor - add "edit" and "rename" functionality
  * Issue 5127 - run restorecon on /dev/shm at server startup
  * Issue 5124 - dscontainer fails to create an instance
  * Issue 4312 - fix compiler warning
  * Issue 5115 -  AttributeError: type object 'build_manpages' has no attribute 'build_manpages'

-------------------------------------------------------------------
Mon Jan 10 05:24:08 UTC 2022 - William Brown <william.brown@suse.com>

- Resolve boo#1194068 by adding required schema
- Add missing support utils plugin

-------------------------------------------------------------------
Mon Jan 10 05:20:23 UTC 2022 - william.brown@suse.com

- Update to version 2.0.11~git13.e14935725:
  * Issue 5080 - BUG - multiple index types not handled in openldap migration (#5094)
  * Issue 5079 - BUG - multiple ways to specific primary (#5087)
  * Issue 4992 - BUG - slapd.socket container fix (#4993)
  * Issue 5037 - in OpenQA changelog trimming can crashes (#5070)
  * Issue 4299 - UI LDAP editor - add "edit" and "rename" functionality
  * Issue 4962 - Fix various UI bugs - Database and Backups (#5044)
  * Issue 5046 - BUG - update concread (#5047)
  * Issue 5043 - BUG - Result must be used compiler warning (#5045)
  * Issue 4165 - Don't apply RootDN access control restrictions to UNIX connections
  * Issue 4931 - RFE: dsidm - add creation of service accounts
  * Issue 5024 - BUG - windows ro replica sigsegv (#5027)
  * Issue 5020 - BUG - improve clarity of posix win sync logging (#5021)
  * Issue 5008 - If a non critical plugin can not be loaded/initialized, bootstrap should succeeds (#5009)
  * Issue 4962 - Fix various UI bugs - Settings and Monitor (#5016)
  * Issue 5014 - UI - Add group creation to LDAP editor
  * Issue 5006 - UI - LDAP editor tree not being properly updated
  * Issue 5001 - Update CI test for new availableSASLMechs attribute
  * Issue 4959 - Invalid /etc/hosts setup can cause isLocalHost to fail.
  * Issue 5001 - Fix next round of UI bugs:
  * Issue 4962 - Fix various UI bugs - dsctl and ciphers (#5000)
  * Issue 4978 - use more portable python command for checking containers
  * Issue 4678 - RFE automatique disable of virtual attribute checking (#4918)
  * Issue 4972 - gecos with IA5 introduces a compatibility issue with previous (#4981)
  * Issue 4978 - make installer robust
  * Issue 4976 - Failure in suites/import/import_test.py::test_fast_slow_import
  * Issue 4973 - update snmp to use /run/dirsrv for PID file
  * Issue 4962 - Fix various UI bugs - Plugins (#4969)
  * Issue 4973 - installer changes permissions on /run
  * Issue 4092 - systemd-tmpfiles warnings
  * Issue 4956 - Automember allows invalid regex, and does not log proper error
  * Issue 4731 - Promoting/demoting a replica can crash the server
  * Issue 4962 - Fix various UI bugs part 1
  * Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)
  * Issue 4943 - Fix csn generator to limit time skew drift (#4946)
  * Issue 2790 - Set db home directory by default
  * Bump github contianer shm size to 4 gigs
  * Issue 4299 - Merge LDAP editor code into Cockpit UI
  * Issue 4938 - max_failure_count can be reached in dscontainer on slow machine with missing debug exception trace
  * Issue 4921 - logconv.pl -j: Use of uninitialized value (#4922)
  * Issue 4847 - BUG - potential deadlock in replica (#4936)
  * Issue 4513 - fix ACI CI tests involving ip/hostname rules
  * Issue 4925 - Performance ACI: targetfilter evaluation result can be reused (#4926)
  * Issue 4916 - Memory leak in ldap-agent

-------------------------------------------------------------------
Mon Nov 29 00:23:51 UTC 2021 - William Brown <william.brown@suse.com>

- jsc#SLE-22962 - submit 2.x version in preparation for BDB to LMDB transition
- Add missing dependency on iproute2 for lib389
- Update to version 2.0.10~git0.21dd2802c:
  * Bump version to 2.0.10
  * Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.)
  * Issue 4912 - Account Policy plugin does not set the config entry DN
  * Issue 4863 - typoes in logconv.pl
  * Issue 4796 - Add support for nsslapd-state to CLI & UI
  * Issue 4894 - IPA failure in ipa user-del --preserve (#4907)
  * Issue 4912 - dsidm command crashing when account policy plugin is enabled
  * Issue 4910 - db reindex corrupts RUV tombstone nsuiqueid index
  * Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks
  * Issue 4887 - UI - fix minor regression from camelCase fixup
  * Bump version to 2.0.9
  * Issue 4887 - UI - Update webpack.config.js and package.json
  * Issue 4149 - UI - Migrate the remaining components to PF4
  * Issue 4875 - CLI - Add some verbosity to installer
  * Issue 4884 - server crashes when dnaInterval attribute is set to zero
- Update to version 2.0.8~git0.553f26c87:
  * Bump version to 2.0.8
  * Issue 4877 - RFE - EntryUUID to validate UUIDs on fixup (#4878)
  * Issue 4872 - BUG - entryuuid enabled by default causes replication issues (#4876)
  * Issue 4851 - Typos in "dsconf pwpolicy set --help" (#4867)
  * Issue 4763 - Attribute Uniqueness Plugin uses wrong subtree on ModRDN (#4871)
  * Issue 4736 - lib389 - fix regression in certutil error checking
  * Issue 4861 - Improve instructions in custom.conf for memory leak detection
  * Issue 4859 - Don't version libns-dshttpd
  * Issue 4169 - Migrate Replication & Schema tabs to PF4
  * Issue 4623 - RFE - Monitor the current DB locks ( nsslapd-db-current-locks )
  * Issue 4736 - CLI - Errors from certutil are not propagated
  * Issue 4460 - Fix isLocal and TLS paths discovery (#4850)
  * Issue 4848 - Force to require nss version greater or equal as the version available at the build time
  * Issue - 4696 - Password hash upgrade on bind (#4840)
  * Bump version to 2.0.7
  * Issue 4443 - Internal unindexed searches in syncrepl/retro changelog
  * Issue 4603 - Reindexing a single backend (#4831)
  * Issue 4169 - UI - migrate Server Tab forms to PF4
  * Issue 4817 - BUG - locked crypt accounts on import may allow all passwords (#4819)
  * Issue 4820 - RFE - control flow integrity (#4821)
  * Issue 4706 - negative wtime for compare operations (#4780)
  * Issue 4414 - SIGFPE crash in rhds disk monitoring routine (#4829)
  * Issue 4262 - Fix Index out of bound in fractional test (#4828)
  * Issue 4826 - Filter argparse-manpage from autogenerated requires
  * Issue 4822 - Fix CI temporary password: fixture leftover breaks them (#4823)
  * Issue 2820 - Fix CI test suite issues
  * Bump version to 2.0.6
- Remove unneeded shadow dependency, no longer required due to
  systemd-sysusers
- Update to version 2.0.6~git0.d81dc6c90:
  * Bump version to 2.0.6
  * Issue 4803 - Improve DB Locks Monitoring Feature Descriptions
  * Issue 4803 - Improve DB Locks Monitoring Feature Descriptions (#4810)
  * Issue 4169 - UI - Migrate Typeaheads to PF4 (#4808)
  * Issue 4414 - disk monitoring - prevent division by zero crash
  * Issue 4788 - CLI should support Temporary Password Rules attributes (#4793)
  * Issue 4656 - Fix replication plugin rename dependency issues
  * Issue 4656 - replication name change upgrade code causes crash with dynamic plugins
  * Issue 4506 - Improve SASL logging
  * Issue 4709 - Fix double free in dbscan
  * Issue 4093 - Fix MEP test case
  * Issue 4747 - Remove unstable/unstatus tests (followup) (#4809)
  * Issue 4791 - Missing dependency for RetroCL RFE (#4792)
  * Issue 4794 - BUG - don't capture container output (#4798)
  * Issue 4593 - Log an additional message if the server certificate nickname doesn't match nsSSLPersonalitySSL value
  * Issue 4797 - ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags (#4799)
  * Issue 4169 - UI Migrate checkbox to PF4 (#4769)
  * Issue 4447 - Crash when the Referential Integrity log is manually edited
  * Issue 4773 - Add CI test for DNA interval assignment
  * Issue 4789 - Temporary password rules are not enforce with local password policy (#4790)
  * Issue 4379 - fixing regression in test_info_disclosure
  * Issue 4379 - Allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service
  * Issue 4379 - Allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service
  * Issue 4575 Update test docstrings metadata
  * Issue 4753 - Adjust our tests to 389-ds-base-snmp missing in RHEL 9 Appstream
  * removed the snmp_present() from utils.py as we have get_rpm_version() in conftest.py
  * Issue 4753 - Adjust our tests to 389-ds-base-snmp missing in RHEL 9 Appstream
- Fix requires as openssl cli is required by 389-ds now.
- Add now working CONFIG parameter to sysusers generator
- Update to version 2.0.5~git0.607bfbf16:
  * Bump version to 2.0.5
  * Issue 4778 - RFE - Allow setting TOD for db compaction and add task
  * Issue 4169 - UI - Port plugin tables to PF4
  * Issue 4656 - Allow backward compatilbity for replication plugin name change
  * Issue 4764 - replicated operation sometime checks ACI (#4783)
  * Issue 2820 - Fix CI test suite issues
  * Issue 4781 - There are some typos in man-pages
  * Issue 4773 - Enable interval feature of DNA plugin
  * Issue 4623 - RFE - Monitor the current DB locks (#4762)
  * Issue 3555 - Fix UI audit issue
  * Issue 4725 - Fix compiler warnings
  * Issue 4770 - Lower FIPS logging severity
  * Issue 4765 - database suffix unexpectdly changed from .db to .db4 (#4766)
  * Issue 4725 - [RFE] DS - Update the password policy to support a Temporary Password Rules (#4727)
  * Issue 4747 - Remove unstable/unstatus tests from PRCI (#4748)
  * Issue 4759 - Fix coverity issue (#4760)
  * Issue 4169 - UI - Migrate Buttons to PF4 (#4745)
  * Issue 4714 - dscontainer fails with rootless podman
  * Issue 4750 - Fix compiler warning in retrocl (#4751)
  * Issue 4742 - UI - should always use LDAPI path when calling CLI
  * Issue 4169 - UI - Migrate Server, Security, and Schema tables to PF4
  * Issue 4667 - incorrect accounting of readers in vattr rwlock (#4732)
  * Issue 4701 - RFE - Exclude attributes from retro changelog (#4723)
  * Issue 4740 - Fix CI lib389 userPwdPolicy and subtreePwdPolicy (#4741)
  * Issue 4711 - SIGSEV with sync_repl (#4738)
  * Issue 4734 - import of entry with no parent warning (#4735)
  * Issue 4729 - GitHub Actions fails to run pytest tests
  * Issue 4656 - Remove problematic language from source code
  * Issue 4632 - dscontainer: SyntaxWarning: "is" with a literal.
  * Issue 4169 - UI - migrate replication tables to PF4
  * Issue 4637 - ndn cache leak (#4724)
  * Issue 4577 - Fix ASAN flags in specfile
  * Issue 4169 - UI - PF4 migration - database tables
  * issue 4653: refactor ldbm backend to allow replacement of BDB - phase 3e - dbscan (#4709)
- Recommend openssl(cli) by lib389: admin tools like dscreate can
  call out to /usr/bin/openssl to manage certificates. As the admin
  could decide to manage the certificates differently, we only
  recommend openssl here.
- Update to version 389-ds-base-2.0.4~git0.7f6ba5a37:
  * Bump version to 2.0.4
  * Issue 4680 - 389ds coredump (@389ds/389-ds-base-nightly) in replica install with CA (#4715)
  * Issue 3965 - RFE - Implement the Password Policy attribute "pwdReset" (#4713)
  * Issue 4700 - Regression in winsync replication agreement (#4712)
  * Issue 3965 - RFE - Implement the Password Policy attribute "pwdReset" (#4710)
  * Issue 4169 - UI - migrate monitor tables to PF4
  * issue 4585 - backend redesign phase 3c - dbregion test removal (#4665)
  * Issue 2736 - remove remaining perl references
  * Issue 2736 - https://github.com/389ds/389-ds-base/issues/2736
  * Issue 4706 - negative wtime in access log for CMP operations
  * Issue 3585 - LDAP server returning controltype in different sequence
  * Issue 4127 - With Accounts/Account module delete fuction is not working (#4697)
  * Issue 4666 - BUG - cb_ping_farm can fail with anonymous binds disabled (#4669)
  * Issue 4671 - UI - Fix browser crashes
  * Issue 4169 - UI - Add PF4 charts for server stats
  * Issue 4648 - Fix some issues and improvement around CI tests (#4651)
  * Issue  4654  Updates to tickets/ticket48234_test.py  (#4654)
  * Issue 4229 - Fix Rust linking
  * Issue 4673 - Update Rust crates
  * Issue 4658 - monitor - connection start date is incorrect
  * Issue 4169 - UI - migrate modals to PF4
  * Issue 4656 - remove problematic language from ds-replcheck
  * Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down
  * Issue 4656 - Remove problematic language from UI/CLI/lib389
  * Issue 4661 - RFE - allow importing openldap schemas (#4662)
  * Issue 4659 - restart after openldap migration to enable plugins (#4660)
  * Merge pull request #4664 from mreynolds389/issue4663
  * issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin (#4622)
  * Issue 4643 - Add a tool that generates Rust dependencies for a specfile (#4645)
  * Issue 4646 - CLI/UI - revise DNA plugin management
  * Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647)
  * Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652)
  * Issue 4169 - UI - Migrate alerts to PF4
  * Issue 4169 - UI - Migrate Accordians to PF4 ExpandableSection
  * Issue 4595 - Paged search lookthroughlimit bug (#4602)
  * Issue 4169 - UI - port charts to PF4
  * Issue 2820 - Fix CI test suite issues
  * Issue 4513 - CI - make acl ip address tests more robust
  * Bump version to 2.0.3
  * Issue 4619 - remove pytest requirement from lib389
  * Issue 4615 - log message when psearch first exceeds max threads per conn
  * Issue 4469 - Backend redesing phase 3a - implement dbimpl API and use it in back-ldbm (#4618)
  * Issue 4324 - Some architectures the cache line size file does not exist
  * Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614)
  * Issue 4469 - Backend redesign phase 3a - bdb dependency removal from back-ldbm
  * Update dscontainer (#4564)
  * Issue 4149 - UI - port TreeView and opther components to PF4
  * Issue 4577 - Add GitHub actions
  * Issue 4591 - RFE - improve openldap_to_ds help and features (#4607)
  * issue 4612 - Fix pytest fourwaymmr_test for non root user (#4613)
  * Issue 4609 - CVE - info disclosure when authenticating
  * Issue 4348 - Add tests for dsidm
  * Issue 4571 - Stale libdb-utils dependency
  * Issue 4600 - performance modify rate: reduce lock contention on the object extension factory (#4601)
  * Issue 4577 - Add GitHub actions
  * Issue 4588 - BUG - unable to compile without xcrypt (#4589)
  * Issue 4579 - libasan detects heap-use-after-free in URP test (#4584)
  * Issue 4581 - A failed re-indexing leaves the database in broken state (#4582)
  * Issue 4348 - Add tests for dsidm
  * Issue 4577 - Add GitHub actions
  * Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)
  * Issue 4093 - fix compiler warnings and update doxygen
  * Issue 4575 - Update test docstrings metadata
  * Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553)
  * Issue 4324 - Performance search rate: change entry cache monitor to recursive pthread mutex (#4569)
  * Issue 4513 - Add DS version check to SSL version test (#4570)
  * Issue 5442 - Search results are different between RHDS10 and RHDS11
  * Issue 4396 - Minor memory leak in backend (#4558)
  * Revert "Update metadata for customerscenario in test docstring"
  * Update metadata for customerscenario in test docstring
  * Issue 4513 - Fix replication CI test failures (#4557)
  * Issue 4513 - Fix replication CI test failures (#4557)
  * Issue 4153 - Added a CI test (#4556)
  * Issue 4506 - BUG - fix oob alloc for fds (#4555)
  * Issue 4548 - CLI - dsconf needs better root DN access control plugin validation
  * Issue 4506 - Temporary fix for io issues (#4516)
  * Issue 4535 - lib389 - Fix log function in backends.py
  * Issue 4534 - libasan read buffer overflow in filtercmp (#4541)
  * Issue 4544 - Compiler warnings on krb5 functions (#4545)
  * Update rpm.mk for RUST tarballs
- small spec cleanup
- As there is no python-* package, the direct use of singlespec
  seems unapplicable. So do not build for all python3.x flavors,
  but only for the main one:
  + Use releavant %python3_ macros.
  + Do not use %python_module, as this pulls in all python
    versions.
- Update to version 2.0.2~git0.6d17ca7df:
  * Bump version to 2.0.2
  * Issue 4539 - BUG - no such file if no overlays in openldap during migration (#4540)
  * Issue 4528 - Fix cn=monitor SCOPE_ONE search (#4529)
  * Issue 4535 - lib389 - healthcheck throws exception if backend is not replicated
  * Issue 4537 - Use KRB5_CLIENT_KTNAME for client keytabs (#4523)
  * Issue 4513 - CI Tests - fix test failures
  * Issue 4504 - insure that repl_monitor_test use ldapi (for RHEL) - fix merge issue (#4533)
  * Issue 4315 - performance search rate: nagle triggers high rate of setsocketopt
  * Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL) (#4527)
  * Issue 4506 - BUG - Fix bounds on fd table population (#4520)
  * Issue 4521 - DS crash in deref plugin if dereferenced entry exists but is not returned by internal search (#4525)
  * Issue 4219 - Log internal unindexed searches (notes=A)
  * Issue 4384 - Separate eventq into REALTIME and MONOTONIC
  * Issue 4381 - RFE - LDAPI authentication DN rewritter
  * Issue 4513 - Fix schema test and lib389 task module (#4514)
  * Issue 4414 - disk monitoring - prevent division by zero crash
  * Issue 4517 - BUG: Multiple systemd pin warnings (#4518)
  * Issue 4507 - Improve csngen testing task (#4508)
  * Issue 4498 - BUG - entryuuid replication may not work (#4503)
  * Issue 4480 - Unexpected info returned to ldap request (#4491)
  * Issue #4504 - Fix pytest test_dsconf_replication_monitor (#4505)
  * Issue 4373 - BUG - one line cleanup, free results in mt if ent 0 (#4502)
  * Merge pull request #4501 from mreynolds389/issue4500
  * Issue 4272 RFE - add support for gost-yescrypt for hashing passwords (#4497)
  * Issue 1795 - RFE - Enable logging for libldap and libber in error log (#4481)
  * Issue 3522 - Remove DES to AES conversion code
  * Issue 4492 - Changelog cache can upload updates from a wrong starting point (CSN) (#4493)
  * Issue 4373 - BUG - calloc of size 0 in MT build (#4496)
  * Issue 4483 - heap-use-after-free in slapi_be_getsuffix
  * Issue 4486 - Remove random ldif file generation from import test (#4487)
  * Issue 4224 - cleanup specfile after libsds removal
  * Issue 4421 - Unable to build with Rust enabled in closed environment
  * Issue 4489 - Remove return statement from a void function (#4490)
  * Issue 4229 - RFE - Improve rust linking and build performance (#4474)
  * Ticket 4224 - openldap can become confused with entryuuid
  * Ticket 4313 - improve tests and improve readme re refdel
  * Ticket 4313 - fix potential syncrepl data corruption
  * Issue 4419 - Warn users of skipped entries during ldif2db online import (#4476)
  * Issue 4243 - Fix test (4th): SyncRepl plugin provides a wrong (#4475)
  * Issue 4315: performance search rate: nagle triggers high rate of setsocketopt (#4437)
  * Issue 4460 - BUG - add machine name to subject alt names in SSCA (#4472)
  * Issue 4446 RFE - openldap password hashers
  * Issue 4284 - dsidm fails to delete an organizationalUnit entry
  * Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4466) (#4466)
  * Issue 4464 - RFE - clang with ds+asan+rust
  * Issue 4105 - Remove python.six (fix regression)
  * Issue 4384 - Use MONOTONIC clock for all timing events and conditions
  * Issue 4418 - ldif2db - offline. Warn the user of skipped entries
  * Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4467)
  * Issue 4460 - BUG  - lib389 should use system tls policy
  * Issue 3657 - Add options to dsctl for dsrc file
  * Issue 4454 - RFE - fix version numbers to allow object caching
  * Issue 3986 - UI - Handle objectclasses that do not have X-ORIGIN set
  * Issue 4297 - 2nd fix for on ADD replication URP issue internal searches with filter containing unescaped chars (#4439)
  * Issue 4112 - Added a CI test (#4441)
  * Issue 4449 - dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) (#4451)
  * Issue 4105 - Remove python.six from lib389 (#4456)
  * Fix pytest test collection
  * Issue 4440 - BUG - ldifgen with --start-idx option fails with unsupported operand (#4444)
  * Issue 4410 RFE - ndn cache with arc in rust
  * Issue 4373 - BUG - Mapping Tree nodes can be created that are invalid
  * Issue 4428 - BUG Paged Results with critical false causes sigsegv in chaining
  * Issue 4428 - Paged Results with Chaining Test Case
  * do not add referrals for masters with different data generation #2054 (#4427)
  * Issue 4383 - Do not normalize escaped spaces in a DN
  * Issue 4432 - After a failed online import the next imports are very slow
  * Issue 4316 - performance search rate: useless poll on network send callback (#4424)
  * Issue 4281 - dsidm user status fails with Error: 'nsUserAccount' object has no attribute 'is_locked'
  * Issue 4429 - NULL dereference in revert_cache()
  * Issue 4412 - Fix CLI repl-agmt requirement for parameters (#4422)
  * Issue 4407 RFE - remove http client and presence plugin (#4409)
  * build problems at alpine linux
  * Issue 4415 - unable to query schema if there are extra parenthesis
- Rust is a hard-requirement of 2.0.0 series, so enable-rust flags removed
- Perl has been completly removed in 2.0.0, enable-perl removed and lib389
  is the default. Perl tools have not been included in SUSE since 1.4.1.x
- Update to version 2.0.1~git0.b557f5daa:
  * Bump version to 2.0.1
  * Issue 4420 - change NVR to use X.X.X instead of X.X.X.X
  * Issue 4391 - DSE config modify does not call be_postop (#4394)
  * Issue 4218 - Verify the new wtime and optime access log keywords (#4397)
  * Issue 4176 - CL trimming causes high CPU
  * ticket 2058: Add keep alive entry after on-line initialization - second version (#4399)
  * Issue 4403 RFE - OpenLDAP pw hash migration tests (#4408)
  * Bump version to 2.0.0

-------------------------------------------------------------------
Tue Sep 21 00:56:43 UTC 2021 - wbrown@suse.de

- Update to version 1.4.4.17~git0.5e1e392ae:
  * Bump version to 1.4.4.17
  * Issue 4927 - rebase lib389 and cockpit in 1.4.4
  * Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.)
  * Issue 4912 - Account Policy plugin does not set the config entry DN
  * Issue 4796 - Add support for nsslapd-state to CLI & UI
  * Issue 4894 - IPA failure in ipa user-del --preserve (#4907)
  * Issue 4169 - backport lib389 cert list fix
  * Issue 4912 - dsidm command crashing when account policy plugin is enabled
  * Issue 4910 - db reindex corrupts RUV tombstone nsuiqueid index
  * Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks

-------------------------------------------------------------------
Fri Jul 09 04:16:10 UTC 2021 - wbrown@suse.de

- bsc#1188151 - Update to 1.4.4.16 patch release
- bsc#1188455 - CVE-2021-3652 - fix crypt handling of locked accounts
- Update to version 389dsbase1.4.4.16~git16.c1926dfc6:
  * Issue 4817 - BUG - locked crypt accounts on import may allow all passwords (#4819)
  * Issue 4656 - (2nd) Remove problematic language from UI/CLI/lib389
  * Issue 4262 - Fix Index out of bound in fractional test (#4828)
  * Issue 4822 - Fix CI temporary password: fixture leftover breaks them (#4823)
  * Issue 4656 - remove problematic language from ds-replcheck
  * Issue 4803 - Improve DB Locks Monitoring Feature Descriptions
  * Issue 4803 - Improve DB Locks Monitoring Feature Descriptions (#4810)
  * Issue 4788 - CLI should support Temporary Password Rules attributes (#4793)
  * Issue 4506 - Improve SASL logging
  * Issue 4093 - Fix MEP test case
  * Issue 4747 - Remove unstable/unstatus tests (followup) (#4809)
  * Issue 4789 - Temporary password rules are not enforce with local password policy (#4790)
  * Issue 4797 - ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags (#4799)
  * Issue 4447 - Crash when the Referential Integrity log is manually edited
  * Issue 4773 - Add CI test for DNA interval assignment
  * Issue 4750 - Fix compiler warning in retrocl (#4751)

-------------------------------------------------------------------
Fri Jul 09 04:11:01 UTC 2021 - wbrown@suse.de

- Update to version 1.4.4.16~git0.3d31c6c71:
  * Bump version to 1.4.4.16
  * Update npm packages
  * Issue 4719 - lib389 - fix dsconf passthrough auth bugs
  * Issue 4778 - RFE - Allow setting TOD for db compaction and add task
  * Issue 4764 - replicated operation sometime checks ACI (#4783)
  * Issue 4623 - RFE - Monitor the current DB locks (#4762)
  * Issue 4781 - There are some typos in man-pages
  * Issue 4773 - Enable interval feature of DNA plugin
  * Issue 3555 - Fix UI audit issue
  * Issue 4747 - Remove unstable/unstatus tests from PRCI (#4748)

-------------------------------------------------------------------
Thu Apr  8 02:37:31 UTC 2021 - William Brown <william.brown@suse.com>

- bsc#1184476 - Add supportconfig utility for customer services to capture
  389-ds support information.

-------------------------------------------------------------------
Thu Apr 08 01:43:57 UTC 2021 - wbrown@suse.de

- Update to version 1.4.4.14~git0.37dc95673:
  * Bump version to 1.4.4.14
  * Issue 4671 - UI - Fix browser crashes
  * Issue 4229 - Fix Rust linking
  * Issue 4658 - monitor - connection start date is incorrect
  * Issue 4656 - Make replication CLI backwards compatible with role name change
  * Issue 4656 - Remove problematic language from UI/CLI/lib389
  * Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down
  * Issue 4661 - RFE - allow importing openldap schemas (#4662)
  * Issue 4659 - restart after openldap migration to enable plugins (#4660)
  * Issue 4663 - CLI - unable to add objectclass/attribute without x-origin

-------------------------------------------------------------------
Tue Mar 30 00:34:44 UTC 2021 - wbrown@suse.de

- bsc#1184142 - restart after openldap migration so that plugins can correctly
    perform data fix ups.
- Update to version 1.4.4.14~git0.37dc95673:
  * Bump version to 1.4.4.14
  * Issue 4671 - UI - Fix browser crashes
  * Issue 4229 - Fix Rust linking
  * Issue 4658 - monitor - connection start date is incorrect
  * Issue 4656 - Make replication CLI backwards compatible with role name change
  * Issue 4656 - Remove problematic language from UI/CLI/lib389
  * Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down
  * Issue 4661 - RFE - allow importing openldap schemas (#4662)
  * Issue 4659 - restart after openldap migration to enable plugins (#4660)
  * Issue 4663 - CLI - unable to add objectclass/attribute without x-origin

-------------------------------------------------------------------
Mon Feb 15 00:11:38 UTC 2021 - wbrown@suse.de

- Update to version 389-ds-base-1.4.4.13~git0.6841d693f:
  * Bump version to 1.4.4.13
  * Update dscontainer (#4564)
  * Issue 4591 - RFE - improve openldap_to_ds help and features (#4607)
  * Issue 4324 - Some architectures the cache line size file does not exist
  * Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614)
  * Issue 4609 - CVE - info disclosure when authenticating
  * Bump version to 1.4.4.12
  * Issue 4579 - libasan detects heap-use-after-free in URP test (#4584)
  * Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)
  * Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553)

-------------------------------------------------------------------
Wed Feb 03 02:01:39 UTC 2021 - wbrown@suse.de

- Update to version 1.4.4.12~git0.7b681e1da:
  * Bump version to 1.4.4.12
  * Issue 4579 - libasan detects heap-use-after-free in URP test (#4584)
  * Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)
  * Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553)
  * Issue 4396 - Minor memory leak in backend (#4558) (#4572)
  * Issue 4324 - Performance search rate: change entry cache monitor to recursive pthread mutex (#4569)
  * Issue 5442 - Search results are different between RHDS10 and RHDS11
  * Bump version to 1.4.4.11
  * Issue 4548 - CLI - dsconf needs better root DN access control plugin validation
  * Issue 4513 - Fix schema test and lib389 task module (#4514)

-------------------------------------------------------------------
Mon Jan 18 01:06:59 UTC 2021 - wbrown@suse.de

- Upstream fix for bsc#1180847 - openldap_to_ds can fail if the
  backend has no overlays or indexes.
- Remove patches now merged upstream.
  * 0001-Ticket-51260-fix-potential-syncrepl-data-corruption.patch
  * 0002-Ticket-51260-improve-tests-and-improve-readme-re-ref.patch
  * 0003-Ticket-4224-openldap-can-become-confused-with-entryu.patch
  * 0004-Issue-4410-RFE-ndn-cache-with-arc-in-rust.patch
  * 0005-Issue-4403-RFE-OpenLDAP-pw-hash-migration-tests-4408.patch
  * 0006-Issue-4446-RFE-openldap-password-hashers.patch
  * 0007-Issue-4464-RFE-clang-with-ds-asan-rust.patch
  * 0008-Issue-4229-RFE-Improve-rust-linking-and-build-perfor.patch
- Update to version 1.4.4.10~git0.ebdf25251:
  * Bump version to 1.4.4.10
  * Issue 4418 - fix cherry-pick error
  * Issue 4381 - RFE - LDAPI authentication DN rewritter
  * Issue 4539 - BUG - no such file if no overlays in openldap during migration (#4540)
  * Issue 4513 - CI Tests - fix test failures
  * Issue 4528 - Fix cn=monitor SCOPE_ONE search (#4529)
  * Issue 4535 - lib389 - healthcheck throws exception if backend is not replicated
  * Issue 4504 - insure that repl_monitor_test use ldapi (for RHEL) - fix merge issue (#4533)
  * Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL) (#4527)
  * Issue 4506 - BUG - Fix bounds on fd table population (#4520)

-------------------------------------------------------------------
Tue Dec 01 02:50:05 UTC 2020 - wbrown@suse.de

- Lib389 is a hard requirement in 1.4.4, and perl has been completely
  removed. Reflect this in our spec file.
- Add rebased patches for SUSE Feature Completion: jsc#SLE-11501
  * 0001-Ticket-51260-fix-potential-syncrepl-data-corruption.patch
  * 0002-Ticket-51260-improve-tests-and-improve-readme-re-ref.patch
  * 0003-Ticket-4224-openldap-can-become-confused-with-entryu.patch
  * 0004-Issue-4410-RFE-ndn-cache-with-arc-in-rust.patch
  * 0005-Issue-4403-RFE-OpenLDAP-pw-hash-migration-tests-4408.patch
  * 0006-Issue-4446-RFE-openldap-password-hashers.patch
  * 0007-Issue-4464-RFE-clang-with-ds-asan-rust.patch
  * 0008-Issue-4229-RFE-Improve-rust-linking-and-build-perfor.patch
- Update to version 1.4.4.9~git0.b09e60339:
  * Bump version to 1.4.4.9
  * Issue 4105 - Remove python.six (fix regression)
  * Issue 4384 - Use MONOTONIC clock for all timing events and conditions
  * Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4467)
  * Issue 4460 - BUG  - lib389 should use system tls policy
  * Issue 3657 - Add options to dsctl for dsrc file
  * Issue 3986 - UI - Handle objectclasses that do not have X-ORIGIN set
  * Issue 4297 - 2nd fix for on ADD replication URP issue internal searches with filter containing unescaped chars (#4439)
  * Issue 4449 - dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) (#4451)
  * Issue 4105 - Remove python.six from lib389 (#4456)

-------------------------------------------------------------------
Thu Nov 12 03:47:16 UTC 2020 - wbrown@suse.de

- Update to version 1.4.4.8~git0.bf454ad07:
  * Bump version to 1.4.4.8
  * Issue 4415 - unable to query schema if there are extra parenthesis
  * Issue 4176 - CL trimming causes high CPU
  * Bump version to 1.4.4.7
  * Issue 2526 - revert backend validation check
  * Issue 4262 - more perl removal cleanup
  * Issue 2526 - retrocl backend created out of order
  * Bump version to 1.4.4.6
  * Issue 4262 - Remove legacy tools subpackage (final cleanup)
  * Issue 4262 - Remove legacy tools subpackage (restart instances after rpm install)

-------------------------------------------------------------------
Thu Oct 08 23:20:32 UTC 2020 - william.brown@suse.com

- Update to version 1.4.4.4~git0.318a3ce0c:
  * Bump version to 1.4.4.4
  * Ticket 51175 - resolve plugin name leaking
  * Issue 51187 - UI - stop importing Cockpit's PF css
  * Issue 51192 - Add option to reject internal unindexed searches
  * Issue 50840 - Fix test docstrings metadata-1
  * Issue 50840 - Fix test docstrings metadata
  * Ticket 50980 - fix foo_filter_rewrite
  * Issue 51165 - add more logconv stats for the new access log keywords
  * Issue 50928 - Unable to create a suffix with countryName either via dscreate or the admin console
  * Issue 51188 - db2ldif crashes when LDIF file can't be accessed
  * Issue 50545 - Port remaining legacy tools to new python CLI
  * Issue 51165 - add new access log keywords for wtime and optime
  * Issue : 49761 - Fix CI test suite issues ( Port remaning acceptance test suit part 1)
  * Issue: 51070 - Port Import TET module to python3 part2
  * Issue:51142 - Port manage Entry TET suit to python 3 part 1
  * Issue: 50860 - Port Password Policy test cases from TET to python3 final
  * Issue 50696 - Fix Allowed and Denied Ciphers lists - WebUI
  * Issue 51169 - UI - attr uniqueness - selecting empty subtree crashes cockpit
  * Issue 49256 - log warning when thread number is very different from autotuned value
  * Issue 51157 - Reindex task may create abandoned index file
  * Issue 50873 - Fix issues with healthcheck tool
  * Issue:50860 - Port Password Policy test cases from TET to python3 part2
  * Issue 51166 - Log an error when a search is fully unindexed
  * Ticket 50544 - OpenLDAP syncrepl compatability
  * Ticket 51161 - fix SLE15.2 install issps
  * Issue 49999 - rpm.mk build-cockpit should clean cockpit_dist first
  * Issue 51144 - dsctl fails with instance names that contain slapd-
  * Issue 51155 - Fix OID for sambaConfig objectclass
  * Ticket 51159 - dsidm ou delete fails
  * Issue 50984 - Memory leaks in disk monitoring
  * Ticket 51131 - improve mutex alloc in conntable
  * Issue 49761 - Fix CI tests
  * Ticket 49859 - A distinguished value can be missing in an entry
  * Issue 50791 - Healthcheck should look for notes=A/F in access log
  * Issue 51072 - Set the default minimum worker threads
  * Ticket 51140 - missing ifdef
  * Issue 50912 - pwdReset can be modified by a user
  * Issue 50781 - Make building cockpit plugin optional
  * Issue 51100 - Correct numSubordinates value for cn=monitor
  * Issue 51136 - dsctl and dsidm do not errors correctly when using JSON
  * Ticket 137 - fix compiler warning
  * Issue 50781 - Make building cockpit plugin optional
  * Issue 51132 - Winsync setting winSyncWindowsFilter not working as expected
  * Ticket 51034 - labeledURIObject
  * Issue 50545 - Port remaining legacy tools to new python CLI
  * Issue 50889 - Extract pem files into a private namespace
  * Ticket 137 - Implement EntryUUID plugin
  * Ticket 51072 - improve autotune defaults
  * Ticket 51115 - enable samba3.ldif by default
  * Issue 51118 - UI - improve modal validation when creating an instance
  * Issue 50746 - Add option to healthcheck to list all the lint reports
  * Bump version to 1.4.4.3
  * Issue 50931 - RFE AD filter rewriter for ObjectCategory
  * Issue: 50860 - Port Password Policy test cases from TET to python3 part1
  * Issue 51113 - Allow using uid for replication manager entry
  * Issue 51095 - abort operation if CSN can not be generated
  * Issue 51110 - Fix ASAN ODR warnings
  * Issue 49850 -ldbm_get_nonleaf_ids() painfully slow for databases with many non-leaf entries
  * Issue 51102 - RFE - ds-replcheck - make online timeout configurable
  * Issue 51076 - remove unnecessary slapi entry dups
  * Issue 51086 - Improve dscreate instance name validation
  * Issue:51070 - Port Import TET module to python3 part1
  * Ticket 51037 - compiler warning
  * Ticket 50989 - ignore pid when it is ourself in protect_db
  * Ticket 51037 - RFE AD filter rewriter for ObjectSID
  * Issue 50499 - Fix some npm audit issues
  * Issue 51091 - healthcheck json report fails when mapping tree is deleted
  * Ticket 51079 - container pid start and stop issues
  * Revert "Issue 51017 - Implement dynamic ds/bz pytest markers"
  * Issue 49761 - Fix CI tests
  * Issue 50610 - Fix return code when it's nothing to free
  * Issue 50610 - memory leaks in dbscan and changelog encryption
  * Issue 51076 - prevent unnecessarily duplication of the target entry
  * Issue 50940 - Permissions of some shipped directories may change over time
  * Issue 50873 - Fix issues with healthcheck tool
  * Issue 51017 - Implement dynamic ds/bz pytest markers
  * Ticket 51082 - abort when a empty valueset is freed
  * Issue:CI test - automember_plugin (Long Duration test)
  * Issue 50201 - nsIndexIDListScanLimit accepts any value
  * Bump version to 1.4.4.2
  * Issue 51078 - Add nsslapd-enable-upgrade-hash to the schema
  * Issue 51054 - Revise ACI target syntax checking
  * Ticket 51068 - deadlock when updating the schema
  * Issue 51042 - try to use both c_rehash and openssl rehash
  * Issue 51042 - switch from c_rehash to openssl rehash
  * Issue 50992 - Bump jemalloc version and enable profiling
  * Issue 51060 - unable to set sslVersionMin to TLS1.0
  * Issue 51064 - Unable to install server where IPv6 is disabled
  * Issue 51051 - CLI fix consistency issues with confirmations
  * Issue 50655 - etime displayed has an order of magnitude 10 times smaller than it should be
  * Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now
  * Issue 51054 - AddressSanitizer: heap-buffer-overflow in ldap_utf8prev
  * Issue 49761 - Fix CI tests
  * Issue 51047 - React deprecating ComponentWillMount
  * Issue 50499 - fix npm audit issues
  * Issue 50545 - Port dbgen.pl to dsctl
  * Issue 51027 - Test passwordHistory is not rewritten on a fail attempt
  * Bump version to 1.4.4.1
  * Ticket 51024 - syncrepl_entry callback does not contain attributes added by postoperation plugins
  * Ticket 50877 - task to run tests of csn generator
  * Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now
  * Issue: 48055 - CI test - automember_plugin(part3)
  * Ticket 51035 - Heavy StartTLS connection load can randomly fail with err=1
  * Issue 51031 UI - transition between two instances needs improvement
  * Bump version to 1.4.4

-------------------------------------------------------------------
Sun Aug 02 23:52:12 UTC 2020 - william.brown@suse.com

- Update to version 1.4.3.12~git0.9bc042902:
  * Bump version to 1.4.3.12
  * Issue 51222 - It should not be allowed to delete Managed Entry manually
  * Issue 51129 - SSL alert: The value of sslVersionMax "TLS1.3" is higher than the supported version
  * Issue 51086 - Fix instance name length for interactive install
  * Issue 51136 - JSON Error output has redundant messages
  * Issue 51059 - If dbhome directory is set online backup fails
  * Issue 51000 - Separate the BDB backend monitors
  * Issue 49300 - entryUSN is duplicated after memberOf operation
  * Issue 50984 - Fix disk_mon_check_diskspace types

-------------------------------------------------------------------
Wed Jul 15 04:10:48 UTC 2020 - william.brown@suse.com

- Remove patch that is now included in latest release:
  0001-Ticket-51161-fix-SLE15.2-install-issps.patch
- Resolve bsc#1174057 upstream stability and fix rollup.
- Update to version 1.4.3.11~git0.82796f172:
  * Bump version to 1.4.3.11
  * Issue 51192 - Add option to reject internal unindexed searches
  * Ticket 51159 - dsidm ou delete fails
  * Issue 51165 - add more logconv stats for the new access log keywords
  * Issue 51188 - db2ldif crashes when LDIF file can't be accessed
  * Issue 51165 - add new access log keywords for wtime and optime
  * Issue 50696 - Fix Allowed and Denied Ciphers lists - WebUI
  * Issue 51169 - UI - attr uniqueness - selecting empty subtree crashes cockpit
  * Issue 49256 - log warning when thread number is very different from autotuned value
  * Issue 51157 - Reindex task may create abandoned index file
  * Issue 51166 - Log an error when a search is fully unindexed
  * Ticket 51161 - fix SLE15.2 install issps
  * Issue 51144 - dsctl fails with instance names that contain slapd-
  * Issue 50984 - Memory leaks in disk monitoring
  * Issue 50201 - nsIndexIDListScanLimit accepts any value
  * Bump version to 1.4.3.10
  * Ticket 49859 - A distinguished value can be missing in an entry
  * Issue 50791 - Healthcheck should look for notes=A/F in access log
  * Issue 51072 - Set the default minimum worker threads
  * Issue 50912 - pwdReset can be modified by a user
  * Issue 51100 - Correct numSubordinates value for cn=monitor
  * Issue 51136 - dsctl and dsidm do not errors correctly when using JSON
  * Issue 51132 - Winsync setting winSyncWindowsFilter not working as expected
  * Ticket 51072 - improve autotune defaults
  * Issue 50746 - Add option to healthcheck to list all the lint reports
  * Issue 51118 - UI - improve modal validation when creating an instance

-------------------------------------------------------------------
Fri Jun 19 01:56:49 UTC 2020 - William Brown <william.brown@suse.com>

- Add 0001-Ticket-51161-fix-SLE15.2-install-issps.patch to resolve bsc#1172328
  This corrects a failure to install on SUSE due to incorrect hostname
  generation, and a python 3 utf8 issue that is triggered by systemd.

-------------------------------------------------------------------
Mon Jun 01 01:10:10 UTC 2020 - william.brown@suse.com

- Update to version 1.4.3.9~git0.3eb8617f6:
  * Bump version to 1.4.3.9
  * Issue 50931 - RFE AD filter rewriter for ObjectCategory
  * Issue 51113 - Allow using uid for replication manager entry
  * Issue 51095 - abort operation if CSN can not be generated
  * Issue 51110 - Fix ASAN ODR warnings
  * Issue 51102 - RFE - ds-replcheck - make online timeout configurable
  * Issue 51076 - remove unnecessary slapi entry dups
  * Issue 51086 - Improve dscreate instance name validation
  * Ticket 50989 - ignore pid when it is ourself in protect_db
  * Issue 50499 - Fix some npm audit issues
  * Issue 51091 - healthcheck json report fails when mapping tree is deleted
  * Ticket 51079 - container pid start and stop issues
  * Issue 50610 - Fix return code when it's nothing to free
  * Ticket 51082 - abort when a empty valueset is freed
  * Issue 50610 - memory leaks in dbscan and changelog encryption
  * Issue 51076 - prevent unnecessarily duplication of the target entry
  * Bump version to 1.4.3.8
  * Issue 51078 - Add nsslapd-enable-upgrade-hash to the schema
  * Issue 51054 - Revise ACI target syntax checking
  * Ticket 51068 - deadlock when updating the schema
  * Issue 51060 - unable to set sslVersionMin to TLS1.0
  * Issue 51064 - Unable to install server where IPv6 is disabled
  * Issue 51051 - CLI fix consistency issues with confirmations
  * Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now
  * Issue 51054 - AddressSanitizer: heap-buffer-overflow in ldap_utf8prev
  * Issue 51047 - React deprecating ComponentWillMount
  * Issue 50499 - fix npm audit issues
  * Issue 50545 - Port dbgen.pl to dsctl
  * Bump version to 1.4.3.7
  * Ticket 51024 - syncrepl_entry callback does not contain attributes added by postoperation plugins
  * Ticket 51035 - Heavy StartTLS connection load can randomly fail with err=1
  * Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now
  * Issue 51031 UI - transition between two instances needs improvement
  * Bump version to 1.4.3.6
  * Issue 50933 - 10rfc2307compat.ldif is not ready to set used by default
  * Ticket 50931 - RFE AD filter rewriter for ObjectCategory
  * Issue 51016 - Fix memory leaks in changelog5_init and perfctrs_init
  * Ticket 50980 - RFE extend usability for slapi_compute_add_search_rewriter and slapi_compute_add_evaluator
  * Ticket 51008 - dbhome in containers
  * Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code
  * Ticket 51014 - slapi_pal.c possible static buffer overflow
  * Issue 50545 - remove dbmon "incr" option from arg parser
  * Issue 50545 - Port dbmon.sh to dsconf
  * Issue 51005 - AttributeUniqueness plugin's DN parameter should not have a default value
  * Issue 49731 - Fix additional issues with setting db home directory by default
  * Issue 50337 - Replace exec() with setattr()
  * Ticket 50905 - intermittent SSL hang with rhds
  * Issue 50952 - SSCA lacks basicConstraint:CA
  * Issue 50640 - Database links: get_monitor() takes 1 positional argument but 2 were given
  * Issue 50869 - Setting nsslapd-allowed-sasl-mechanisms truncates the value
  * Bump version to 1.4.3.5
  * Issue 50994 - Fix latest UI bugs found by QE
  * Ticket 50933 - rfc2307compat.ldif
  * Issue 50337 - Replace exec() with setattr()
  * Issue 50984 - Memory leaks in disk monitoring
  * Issue 50984 - Memory leaks in disk monitoring
  * Issue 49731 - dscreate fails in silent mode because of db_home_dir
  * Issue 50975 - Revise UI branding with new minimized build
  * Issue 49437 - Fix memory leak with indirect COS
  * Issue 49731 - Do not add db_home_dir to template-dse.ldif
  * Issue 49731 - set and use db_home_directory by default
  * Ticket 50971 - fix BSD_SOURCE
  * -n option of dbverify does not work
  * Issue 50952- SSCA lacks basicConstraint:CA
  * Issue 50976 - Clean up Web UI source directory from unused files
  * Issue 50955 - Fix memory leaks in chaining plugin(part 2)
  * Issue 50966 - UI - Database indexes not using typeAhead correctly
  * Issue 50974 - UI - wrong title in "Delete Suffix" popup
  * Issue 50972 - Fix cockpit plugin build
  * Issue 49761 - Fix CI test suite issues
  * Issue 50971 - Support building on FreeBSD.
  * Issue 50960 - [RFE] Advance options in RHDS Disk Monitoring Framework
  * Issue 50800 - wildcards in rootdn-allow-ip attribute are not accepted
  * Issue 50963 - We should bundle *.min.js files of Console
  * Issue: 50860 - Port Password Policy test cases from TET to python3 Password grace limit section.
  * Issue: 50860 - Port Password Policy test cases from TET to python3 series of bugs Port final
  * Issue 50954 - buildnum.py - fix date formatting issue
  * Bump version to 1.4.3.4
  * Issue 50954 - Port buildnum.pl to python(part 2)
  * Issue 50955 - Fix memory leaks in chaining plugin
  * Issue 50954 - Port buildnum.pl to python
  * Ticket 50947 - change 00core.ldif objectClasses for openldap migration
  * Ticket: 50755 - setting nsslapd-db-home-directory is overriding db_directory
  * Issue 50937 - Update CLI for new backend split configuration
  * Issue: 50860 - Port Password Policy test cases from TET to python3 pwp.sh
  * Ticket 50945 - givenname alias of gn from openldap
  * Ticket 50935 - systemd override in lib389 for dscontainer
  * Issue 50499 - Fix npm audit issues
  * Issue 49761 - Fix CI test suite issues
  * Ticket 50618 - clean compiler warning and log level
  * Ticket 50889 - fix compiler issues
  * Issue 50884 -  Health check tool DSEldif check fails
  * Issue 50926 - Remove dual spinner and other UI fixes
  * Issue 50928 - Unable to create a suffix with countryName
  * Issue 50758 - Only Recommend bash-completion, not Require
  * Issue 50923 - Fix a test regression
  * Issue 50904 - Connect All React Components And Refactor the Main Navigation Tab Code
  * Issue 50920 - cl-dump exit code is 0 even if command fails with invalid arguments
  * Issue 50923 - Add test - dsctl fails to remove instances with dashes in the name
  * Issue 50919 - Backend delete fails using dsconf
  * Issue 50872 - dsconf can't create GSSAPI replication agreements
  * Issue 50912 - RFE - add password policy attribute pwdReset
  * Ticket 50914 - No error returned when adding an entry matching filters for a non existing automember group
  * Ticket 50889 - Extract pem files into a private namespace
  * Issue 50909 - nsDS5ReplicaId cant be set to the old value it had before
  * Issue: 50686 - Port fractional replication test cases from TET to python3 final
  * Issue 49845 - Remove pkgconfig check for libasan
  * Issue:50860 - Port Password Policy test cases from TET to python3 bug624080
  * Issue:50860 - Port Password Policy test cases from TET to python3 series of bugs
  * Ticket 50786 - connection table freelist
  * Ticket 50618 - support cgroupv2
  * Ticket 50900 - Fix cargo offline build
  * Ticket 50898 - ldclt core dumped when run with -e genldif option
  * Bump version to 1.4.3.3
  * Issue 50855 - remove unused file from UI
  * Issue 50855 - UI: Port Server Tab to React
  * Issue 49845 - README does not contain complete information on building
  * Issue: 50686 - Port fractional replication test cases from TET to python3 part 1
  * Ticket - 49623-cont cenotaph errors on modrdn operations
  * Issue 50882 - Fix healthcheck errors for instances that do not have TLS enabled
  * Issue 50886 - Typo in the replication debug message
  * Issue 50873 - Fix healthcheck and virtual attr check
  * Issue 50873 - Fix issues with healthcheck tool
  * Issue 50028 - Add a new CI test case
  * Issue 49946 - Add a new CI test case
  * Issue 50117 - Add a new CI test case
  * Ticket 50787 - fix implementation of attr unique
  * Ticket 50859 - support running only with ldaps socket
  * Issue 50823 - dsctl doesn't work with 'slapd-' in the instance name
  * Ticket 49624 cont - DB Deadlock on modrdn appears to corrupt database and entry cache
  * Issue 50867 - Fix minor buildsys issues
  * Issue 50737 - Allow building with rust online without vendoring
  * Ticket 50831 add cargo.lock to allow offline builds
  * Ticket 50694 - import PEM certs on startup
  * Ticket 50857 - Memory leak in ACI using IP subject
  * Issue 49761 - Fix CI test suite issues
  * Issue 50853 - Fix NULL pointer deref in config setting
  * Issue 50850 - Fix dsctl healthcheck for python36
  * Issue 49990 - Need to enforce a hard maximum limit for file descriptors
  * Ticket 48707 - ldapssotoken for authentication
  * Bump version to 1.4.3.2
  * Issue 49254 - Fix compiler failures and warnings
  * Ticket 50741-cont bdb_start - Detected Disorderly Shutdown
  * Issue 50836 - Port Schema UI tab to React
  * Issue 50842 - Decrease 389-console Cockpit component size
  * Ticket 50790 - Add result text when filter is invalid
  * Issue 50627 - Add ASAN logs to HTML report
  * Issue 50834 - Incorrectly setting the NSS default SSL version max
  * Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free
  * Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10
  * Ticket 50784 - performance testing scripts
  * Issue 50599 - Fix memory leak when removing db region files
  * Issue 49395 - Set the default TLS version min to TLS1.2
  * Issue 50818 - dsconf pwdpolicy get error
  * Issue 50824 - dsctl remove fails with "name 'ensure_str' is not defined"
  * Issue 50599 - Remove db region files prior to db recovery
  * Issue 50812 -  dscontainer executable should be placed under /usr/libexec/dirsrv/
  * Issue 50816 - dsconf allows the root password to be set to nothing
  * Issue 50798 - incorrect bytes in format string(fix import issue)
  * Bump version to 1.4.3.1
  * Ticket 50798 - incorrect bytes in format string
  * Issue 50545 - Add the new replication monitor functionality to UI
  * Issue 50806 - Fix minor issues in lib389 health checks
  * Issue: 50690 - Port Password Storage test cases from TET to python3 part 1
  * Issue 49761 - Fix CI test suite issues
  * Issue 49761 - Fix CI test suite issues
  * Issue 50754 - Add Restore Change Log option to CLI
  * Issue: 48055 -  CI test - automember_plugin(part2)
  * Ticket 50667 - dsctl -l did not respect PREFIX
  * Issue 50780 - More CLI fixes
  * Ticket 50649 - lib389 without defaults.inf
  * Issue 50780 - Fix UI issues
  * Ticket 50727 - correct mistaken options in filter validation patch
  * Issue 50779 - lib389 - conflict compare fails for DN's with spaces
  * Set branch version to 1.4.3.0

-------------------------------------------------------------------
Mon Jun 01 00:22:18 UTC 2020 - william.brown@suse.com

- Remove 0001-Ticket-51014-slapi_pal.c-possible-static-buffer-over.patch
  as it is part of 1.4.2.14
- Update to version 1.4.2.14~git0.5ac5b02ce:
  * Bump version to 1.4.2.14
  * Issue 51113 - Allow using uid for replication manager entry
  * Issue 51095 - abort operation if CSN can not be generated
  * Issue 51110 - Fix ASAN ODR warnings
  * Issue 51102 - RFE - ds-replcheck - make online timeout configurable
  * Issue 51076 - remove unnecessary slapi entry dups
  * Issue 51086 - Improve dscreate instance name validation
  * Ticket 50989 - ignore pid when it is ourself in protect_db
  * Issue 50499 - Fix some npm audit issues
  * Issue 51091 - healthcheck json report fails when mapping tree is deleted
  * Ticket 51079 - container pid start and stop issues
  * Issue 50610 - Fix return code when it's nothing to free
  * Ticket 51082 - abort when a empty valueset is freed
  * Issue 50610 - memory leaks in dbscan and changelog encryption
  * Issue 51076 - prevent unnecessarily duplication of the target entry
  * Issue 50940 - Permissions of some shipped directories may change over time
  * Bump version to 1.4.2.13
  * Ticket 50787 - fix implementation of attr unique
  * Issue 51078 - Add nsslapd-enable-upgrade-hash to the schema
  * Ticket 51068 - deadlock when updating the schema
  * Issue 51060 - unable to set sslVersionMin to TLS1.0
  * Issue 51064 - Unable to install server where IPv6 is disabled
  * Issue 51051 - CLI fix consistency issues with confirmations
  * Issue 51047 - React deprecating ComponentWillMount
  * Issue 50499 - fix npm audit issues
  * Ticket 51035 - Heavy StartTLS connection load can randomly fail with err=1
  * Issue 51031 UI - transition between two instances needs improvement
  * Bump version to 1.4.2.12
  * Issue 50337 - Replace exec() with setattr()
  * Issue 50545 - the check for the ds version for the backend config was broken
  * Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code
  * Ticket 51014 - slapi_pal.c possible static buffer overflow
  * Issue 50545 - remove dbmon "incr" option from arg parser
  * Issue 50545 - Port dbmon.sh to dsconf
  * Ticket 50905 - intermittent SSL hang with rhds
  * Issue 50952 - SSCA lacks basicConstraint:CA
  * Issue 50640 - Database links: get_monitor() takes 1 positional argument but 2 were given
  * Issue 50869 - Setting nsslapd-allowed-sasl-mechanisms truncates the value

-------------------------------------------------------------------
Tue Apr 07 05:27:28 UTC 2020 - 389-ds-maintainer@suse.de

- Patch rollup as described in bsc#1169364
- Add rust vendor.tar.gz as a source - rust is still an optional build
  and will be enabled in the future.
- Update ns-slapd ownership to remove dirsrv as an owner as dirsrv will
  not exist in containers with systemd users.
- Add 0001-Ticket-51014-slapi_pal.c-possible-static-buffer-over.patch to
  resolve a warning found in static analysis in OBS (upstream #51014)
- Update to version 1.4.2.11~git0.aff1a2831:
  * Bump version to 1.4.2.11
  * Issue 50994 - Fix latest UI bugs found by QE
  * Issue 50337 - Replace exec() with setattr()
  * Issue 50984 - Memory leaks in disk monitoring
  * Issue 50975 - Revise UI branding with new minimized build
  * Issue 49437 - Fix memory leak with indirect COS
  * Issue 50976 - Clean up Web UI source directory from unused files
  * Issue 50744 - -n option of dbverify does not work
  * Issue 50952- SSCA lacks basicConstraint:CA
  * Bump version to 1.4.2.10
  * Issue 50966 - UI - Database indexes not using typeAhead correctly
  * Issue 50974 - UI - wrong title in "Delete Suffix" popup
  * Issue 50972 - Fix cockpit plugin build
  * Issue 50800 - wildcards in rootdn-allow-ip attribute are not accepted
  * Issue 50963 - We should bundle *.min.js files of Console
  * Bump version to 1.4.2.9
  * Ticket: 50755 - setting nsslapd-db-home-directory is overriding db_directory
  * Issue 50937 - Update CLI for new backend split configuration
  * Issue 50499 - Fix npm audit issues
  * Issue 50884 -  Health check tool DSEldif check fails
  * Issue 50926 - Remove dual spinner and other UI fixes
  * Issue 49845 - Remove pkgconfig check for libasan
  * Issue 50758 - Only Recommend bash-completion, not Require
  * Issue 50928 - Unable to create a suffix with countryName
  * Issue 50904 - Connect All React Components And Refactor the Main Navigation Tab Code
  * Issue 50919 - Backend delete fails using dsconf
  * Issue 50872 - dsconf can't create GSSAPI replication agreements
  * Ticket 50914 - No error returned when adding an entry matching filters for a non existing automember group
  * Issue 50909 - nsDS5ReplicaId cant be set to the old value it had before
  * Ticket 50618 - support cgroupv2
  * Ticket 50898 - ldclt core dumped when run with -e genldif option

-------------------------------------------------------------------
Mon Feb 17 22:37:41 UTC 2020 - 389-ds-maintainer@suse.de

- Update to version 1.4.2.8~git0.3aaa3e820:
  * Bump version to 1.4.2.8
  * Issue 50855 - remove unused file from UI
  * Issue 50855 - UI: Port Server Tab to React
  * Issue 49845 - README does not contain complete information on building
  * Ticket - 49623-cont cenotaph errors on modrdn operations
  * Issue 50882 - Fix healthcheck errors for instances that do not have TLS enabled
  * Issue 50886 - Typo in the replication debug message
  * Issue 50873 - Fix healthcheck and virtual attr check
  * Issue 50873 - Fix issues with healthcheck tool
  * Ticket 50857 - Memory leak in ACI using IP subject
  * Issue 50823 - dsctl doesn't work with 'slapd-' in the instance name
  * Ticket 49624 cont - DB Deadlock on modrdn appears to corrupt database and entry cache
  * Issue 50850 - Fix dsctl healthcheck for python36
  * Issue 49990 - Need to enforce a hard maximum limit for file descriptors

-------------------------------------------------------------------
Tue Jan 28 04:11:30 UTC 2020 - 389-ds-maintainer@suse.de

- Update to version 1.4.2.7~git0.202953d28:
  * Bump version to 1.4.2.7
  * Issue 49254 - Fix compiler failures and warnings
  * Ticket 50741-cont bdb_start - Detected Disorderly Shutdown
  * Issue 50836 - Port Schema UI tab to React
  * Issue 50842 - Decrease 389-console Cockpit component size
  * Ticket 50790 - Add result text when filter is invalid
  * Issue 50834 - Incorrectly setting the NSS default SSL version max
  * Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free
  * Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10
  * Issue 50599 - Fix memory leak when removing db region files
  * Issue 49395 - Set the default TLS version min to TLS1.2
  * Issue 50818 - dsconf pwdpolicy get error
  * Issue 50824 - dsctl remove fails with "name 'ensure_str' is not defined"
  * Issue 50599 - Remove db region files prior to db recovery
  * Issue 50812 -  dscontainer executable should be placed under /usr/libexec/dirsrv/
  * Issue 50816 - dsconf allows the root password to be set to nothing
  * Issue 50798 - incorrect bytes in format string(fix import issue)

-------------------------------------------------------------------
Tue Jan 21 03:51:34 UTC 2020 - 389-ds-maintainer@suse.de

- Update to version 1.4.2.6~git0.e84bbce3f:
  * Bump version to 1.4.2.6
  * Ticket 50798 - incorrect bytes in format string
  * Issue 50545 - Add the new replication monitor functionality to UI
  * Issue 50806 - Fix minor issues in lib389 health checks
  * Issue 50754 - Add Restore Change Log option to CLI
  * Ticket 50727 - change syntax validate by default in 1.4.2
  * Ticket 50667 - dsctl -l did not respect PREFIX
  * Issue 50780 - More CLI fixes
  * Issue 50780 - Fix UI issues
  * Ticket 50727 - correct mistaken options in filter validation patch
  * Issue 50779 - lib389 - conflict compare fails for DN's with spaces
  * Ticket #49761 - Fix CI test suite issues
  * Issue 50499 - Fix npm audit issues
  * Issue 50774 - Account.enroll_certificate() should not check for DS version
  * Issue 50771 - 1.4.2.5 doesn't compile due to error ModuleNotFoundError: No module named 'pkg_resources.extern'
  * Issue 50758 - Need to enable CLI arg completion
  * Ticket 50709: Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10
  * Issue: 50690 - Port Password Storage test cases from TET to python3(create required types in password_plugins)
  * Issue: 48851 - Investigate and port TET matching rules filter tests(last test cases for match index)
  * Issue 50761 - Parametrized tests are missing ':parametrized' value
  * Bump version to 1.4.2.5
  * Issue 50747 - Port readnsstate to dsctl
  * Issue 50758 - Enable CLI arg completion
  * Issue 50753 - Dumping the changelog to a file doesn't work
  * Ticket 50745: ns-slapd hangs during CleanAllRUV tests
  * Issue 50734 - lib389 creates non-SSCA cert DBs with misleading README.txt
  * Issue: 48851 - investigate and port TET matching rules filter tests(cert)
  * Issue: 50443 - Create a module in lib389 to Convert a byte sequence to a properly escaped for LDAP
  * Ticket 50664 - DS can fail to recover if an empty directory exists in db
  * Ticket 50736 - RetroCL trimming may crash at shutdown if trimming configuration is invalid
  * Ticket 50741 - bdb_start - Detected Disorderly Shutdown last time Directory Server was running
  * Issue 50572 - After running cl-dump dbdir/cldb/*ldif.done are not deleted
  * Issue 50701 - Fix type in lint report
  * Ticket 50729 - add support for gssapi tests on suse
  * Issue 50701 - Add additional healthchecks to dsconf
  * Issue 50711 - `dsconf security` lacks option for setting nsTLSAllowClientRenegotiation attribute
  * Issue 50439 - Update docker integration for Fedora
  * Issue: 48851 - Investigate and port TET matching rules filter tests(last test cases for match)
  * Issue 50499 - Fix npm audit issues
  * Issue 50722 - Test IDs are not unique
  * Issue 50712 - Version comparison doesn't work correctly on git builds
  * Issue 50499 - Fix npm audit issues
  * Issue 50706 - Missing lib389 dependency - packaging
  * Bump version to 1.4.2.4
  * Issue 49761 - Fix CI test suite issues
  * Issue 50634 - Fix CLI error parsing for non-string values
  * Ticket 50659 AddressSanitizer: SEGV ... in bdb_pre_close
  * Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes
  * Issue 50644 - fix regression with creating sample entries
  * Issue 50699 - Add Disk Monitor to CLI and UI
  * Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes
  * Issue 50536 - After audit log file is rotated, DS version string is logged after each update
  * Issue #50712 - Version comparison doesn't work correctly on git builds
  * Issue 50706 - Missing lib389 dependency - packaging
  * Issue 49761 - Fix CI test suite issues
  * Issue #50683 - Makefile.am contains unused RPM-related targets
  * Issue 50696 - Fix various UI bugs
  * Update based on Marks feedback
  * Update to mark as skipif
  * Ticket 50641 - Update default aci to allows users to change their own password
  * Ticket 50007, 50648 - improve x509 handling.
  * Issue 50689 - Failed db restore task does not report an error
  * Issue 50199 - Disable perl by default
  * Ticket 50633 - Add cargo vendor support for offline builds
  * Issue 50499 - Fix npm audit issues
  * Bump version to 1.4.2.3
  * Issue 50592 - Port Replication Tab to ReactJS
  * Issue 50680 - Remove branding from upstream spec file
  * Issue 50669 - Remove nunc-stans in favour of reworking current conn code (add.)
  * Issue: 48055 -  CI test - automember_plugin(part1)
  * Issue 50677 - Map subtree searches with NULL base to default naming context
  * Issue 50669 - Fix RPM build
  * Ticket 50669 - remove nunc-stans
  *     Ticket 49850 cont -fix crash in ldbm_non_leaf
  * Issue 50634 - Clean up CLI errors output - Fix wrong exception
  * Issue 50660 - Build failure on Fedora 31
  * Issue 50634 - Clean up CLI errors output
  * Issue: 48851 - Investigate and port TET matching rules filter tests(match more test cases)
  * Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request"
  * Issue 49850 -  ldbm_get_nonleaf_ids() slow for databases with many non-leaf entries
  * Issue 50655 - access log etime is not properly formatted
  * Issue 50653 -  objectclass parsing fails to log error message text
  * Issue 50646 - Improve task handling during shutdowns
  * Add new test suite to test migration between RHDS versions
  * Ticket 50627 - Support platforms without pytest_html
  * Ticket 49476 - backend refactoring phase1, fix failing tests
  * Ticket 49476 - refactor ldbm backend to allow replacement of BDB
  * Ticket - 50349 - additional fix: filter schema check must handle subtypes
  * Issue: 48851 - investigate and port TET matching rules filter tests(indexing more test cases)
  * Issue 50638 - RecursionError: maximum recursion depth exceeded while calling a Python object
  * Ticket 50636 - Crash during sasl bind
  * Ticket 50632 - Add ensure attr state so that diffs are easier from 389-ds-portal
  * Ticket 50619 - extend commands to have more modify options
  * Issue 50499 - Fix npm audit issues
  * bump version to 1.4.2.2

-------------------------------------------------------------------
Tue Oct 08 02:04:20 UTC 2019 - 389-ds-maintainer@suse.de

- Update to version 1.4.2.2~git0.d41ef935b:
  * Issue 50627 - Add ASAN logs to HTML report
  * Issue 50545 - Port repl-monitor.pl to lib389 CLI
  * Ticket 50622 - ds_selinux_enabled may crash on suse
  * Ticket 50595 - remove syslog.target requirement
  * Ticket 50617 - disable cargo lock
  * Issue 50620 - Fix regressions from 50506 (slapi_enry_attr_get_ref)
  * Issue 50615 - Log current test name to journald
  * Ticket: 50610 memory leak in dbscan
  * Bump version to 1.4.2.1
  * Ticket 50581 - ns-slapd crashes during ldapi search
  * Issue 50604 - Fix UI validation
  * ticket 50510 - etime can contain invalid nanosecond value
  * Ticket 50593 Investigate URP handling on standalone instance
  * Issue 50506 - Fix regression for relication stripattrs
  * Issue 50580 - Perl can't be disabled in configure
  * Ticket 50584, 49212 - docker healthcheck and configuration
  * Issue 50546 - fix more UI issues(part 2)
  * Do not use comparision with "is" for empty value
  * Issue 50546 - fix more UI issues
  * Issue 50586 - lib389 - Fix DSEldif long line processing
  * Issue 50173 - Add the validate-syntax task to the dsconf schema
  * Issue 50546 - Fix various issues in UI
  * Bump version to 1.4.2.0
  * Ticket 50576 - Same proc uid/gid maps to rootdn for ldapi sasl
  * Ticket 50567, 50568 - strict host check disable and display container version
  * Issue 50550 - DS installer debug messages leaking to ipa-server-install
  * Issue 50545 - Port fixup-memberuid and add the functionality to CLI and UI
  * Issue 50572 - After running cl-dump dbdir/cldb/*ldif.done are not deleted
  * Issue 50578 - Add SKIP_AUDIT_CI flag for Cockpit builds
  * Ticket 50349 - filter schema validation
  * Issue: 48055 - CI test-(Plugin configuration should throw proper error messages if not configured properly)
  * Issue 49324 - idl_new fix assert
  * Ticket 50564 - Fix rust libraries by default and improve docker
  * Issue 50206 - Refactor lock, unlock and status of dsidm account/role
  * Issue 49324 - idl_new report index name in error conditions
  * Issue 49761 - Fix CI test suite issues
  * Issue 50506 - Fix regression from slapi_entry_attr_get_ref refactor
  * Issue 50499 - Audit fix - Update npm 'eslint-utils' version
  * Issue 49624 - modrdn silently fails if DB deadlock occurs
  * fix for 50542 crashes in filter tests
  * Issue 49761 - Fix CI test suite issues
  * Ticket 50542 - Entry cache contention during base search
  * Issue 50462 - Fix CI tests
  * Ticket 50490 objects and memory leaks
  * Issue 50538 - Move CI test to individual file
  * Issue 50538 - cleanAllRUV task limit is not enforced for replicated tasks
  * Issue 50536 - Audit log heading written to log after every update
  * Issue 50525 - nsslapd-defaultnamingcontext does not change when the assigned suffix gets deleted
  * Issue 50534 - CLI change schema edit subcommand to replace
  * Issue 50506 - cont Fix invalid frees from pointer reference calls
  * Issue 50507 - Fix Cockpit UI styling for PF4
  * Issue: 48851 - investigate and port TET matching rules filter tests(indexing final)
  * Issue: 48851 - Add more test cases to the match test suite(mode replace)
  * Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"
  * Issue 50529 -  LDAP server returning PWP controls in different sequence
  * Issue 50506 - Fix invalid frees from pointer reference calls.
  * Issue 50506 - Replace slapi_entry_attr_get_charptr() with slapi_entry_attr_get_ref()
  * Issue 50521 - Add regressions in CI tests
  * Ticket 50510 - etime can contain invalid nanosecond value
  * Issue 50488 - Create a monitor for disk space usagedisk-space-mon
  * Issue 50511 -  lib389 PosixGroups type can not handle rdn properly
  * Issue 50508 - UI - fix local password policy form

-------------------------------------------------------------------
Thu Aug 13 05:31:18 UTC 2019 - William Brown <william.brown@suse.com>

- Fix spec file discrepencies from SLE
- Update to correct license issue in spec file
- Update to simplify rust option selection
- Update to version 1.4.1.6~git0.5ac5a8aad:
  * Bump version to 1.4.1.6
  * Issue 50355 - SSL version min and max not correctly applied
  * Issue 50497 - Port cl-dump.pl tool to Python using lib389
  * Issue: 48851 - investigate and port TET matching rules filter tests(Final)
  * correction to fix for #50417
  * Issue 50425 - Add jemalloc LD_PRELOAD to systemd drop-in file
  * Issue 50425 - Add jemalloc LD_PRELOAD to systemd drop-in file
  * Issue 50325 - Add Security tab to UI
  * Ticket 49789 - By default, do not manage unhashed password
  * Ticket 49421 - Implement password hash upgrade on bind.
  * Ticket 49421 - on bind password upgrade proof of concept
  * Ticket 50493 - connection_is_free to trylock
  * Ticket 50459 - Correct issue with allocation state
  * Issue 50499 - Fix audit issues and remove jquery from the whitelist
  * Ticket 50459 - c_mutex to use pthread_mutex to allow ns sharing
  * Ticket 50484 - Add a release build dockerfile and dscontainer improvements
  * Issue 50486 - Update jemalloc to 5.2.0
- Update to version 1.4.1.5~git0.748334143:
  * Bump version to 1.4.1.5
  * Issue 50431 - Fix regression from coverity fix
  * Issue 49239 - Add a new CI test case
  * Issue 49997 - Add a new CI test case
  * Issue 50177 - Add a new CI test case, also added fixes in lib389
  * Issue 49761 - Fix CI test suite issues
  * Issue 50474 - Unify result codes for add and modify of repl5 config
  * Ticket 50472 - memory leak with encryption
  * Issue 50462 - Fix Root DN access control plugin CI tests
  * Issue 50462 - Fix CI tests
  * Ticket 50217 -  Implement dsconf security section
  * Issue: 48851 - Add more test cases to the match test suite.
  * Issue 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients
  * Ticket 50439 - fix waitpid issue when pid does not exist
  * Issue 50454 - Fix Cockpit UI branding
  * Issue: 48851 - investigate and port TET matching rules filter tests(index)
  * Issue 49232 - Truncate the message when buffer capacity is exceeded
  * Bump version to 1.4.1.4
  * Ticket 49361 - Use IPv6 friendly network functions
  * Issue: 48851 - Investigate and port TET matching rules filter tests(bug772777)
  * Issue: 50446 -  NameError: name 'ds_is_older' is not defined
  * Issue 49602 - Revise replication status messages
  * Ticket 50439 - Update docker integration to work out of source directory
  * Ticket 50037 - revert path changes as it breaks prefix/rpm builds
  * Issue 50431 - Fix regression from coverity fix
  * Issue 50370 - CleanAllRUV task crashing during server shutdown
  * Issue: 48851 - investigate and port TET matching rules filter tests(match)
  * Issue 50417 - Fix missing quote in some legacy tools
  * Ticket 50431 - Fix covscan warnings
  * Revert "Issue 49960 - Core schema contains strings instead of numer oids"
  * Issue 50426 - nsSSL3Ciphers is limited to 1024 characters
  * Issue 50052 - Fix rpm.mk according to audit-ci change
  * Issue 50365 - PIDFile= references path below legacy directory /var/run/
  * Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request"
  * Ticket 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to TLS
  * Ticket 50417 - Revise legacy tool scripts to work with new systemd changes
  * Issue: 48851 - Add more search filters to vfilter_simple test suite
  * Issue 49761 - Fix CI test suite issues
  * Issue 49875 - Move SystemD service config to a drop-in file
  * Ticket 50413 - ds-replcheck - Always display the Result Summary
  * Issue 50052 - Add package-lock.json and use "npm ci"
  * Issue: 48851 - investigate and port TET matching rules filter tests(vfilter simple)
  * Ticket 50355 -  NSS can change the requested SSL min and max versions
  * Issue: 48851 - investigate and port TET matching rules filter tests(vfilter_ld)
  * Issue 50390 - Add Managed Entries Plug-in Config Entry schema
  * Ticket 49730 - Remove unused Mozilla ldapsdk variables
- Update to version 1.4.1.3~git0.1f1119d4b:
  * Bump version to 1.4.1.3
  * Issue 49761 - Fix CI test suite issues
  * Issue 50041 - Add the rest UI Plugin tabs - Part 2
  * Ticket 50340 - 2nd try - structs for diabled plugins will not be freed
  * Issue 50403 - Instance creation fails on 1.3.9 using perl utils and latest lib389
  * Ticket 50389 - ns-slapd craches while two threads are polling the same connection
  * Issue: 48851 - investigate and port TET matching rules filter tests(scanlimit)
  * Issue 50037 - lib389 fails to install in venv under non-root user
  * Issue: 50112 - Port ACI test suit from TET to python3(userattr)
  * Ticket 50393 - maxlogsperdir accepting negative values
  * Issue: 50112 - Port ACI test suit from TET to python3(roledn)
  * Issue 49960 - Core schema contains strings instead of numer oids
  * Ticket 50396 - Crash in PAM plugin when user does not exist
  * Issue 50387 - enable_tls() should label ports with ldap_port_t
  * Issue 50390 - Add Managed Entries Plug-in Config Entry schema
  * Ticket 50306 - Fix regression with maxbersize
  * Issue 50384 - Missing dependency: cracklib-dicts
  * Issue 49029 - [RFE] improve internal operations logging
  * Issue 49761 - Fix CI test suite issues
  * Issue - 50374 dsdim posixgroup create fails with ERROR
  * Ticket 50251 - clear text passwords visable in CLI verbose mode logging
  * Ticket 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients
  * Issue:48851 - investigate and port TET matching rules filter tests
  * Issue 50220 - attr_encryption test suite failing
  * Ticket 50370 -  CleanAllRUV task crashing during server shutdown
  * Ticket 50340 cont - structs for disabled plugins will not be freed
  * Fix missing import
  * Issue 50164 - Add test for dscreate to basic test suite
  * Ticket 50363 - ds-replcheck incorrectly reports error out of order multi-valued attributes
  * Issue 49730 - MozLDAP bindings have been unsupported for a while
  * Issue #50353 - Categorize tests by tiers
  * Issue 50303 - Add creation date to task data
  * Issue: 50358 -  Create a Bitwise Plugin class in plugins.py
  * Remove the nss3 path prefix from the cert.h C preprocessor source file inclusion
  * Ticket 50329 - revert fix
  * Issue: 50112 - Port ACI test suit from TET to python3(keyaci)
  * Ticket 50344 - tidy rpm vs build systemd flag handling
  * Issue #50067 - Fix krb5 dependency in a specfile
  * Ticket 50340 - structs for diabled plugins will not be freed
  * Ticket 50327 - Add replication conflict support to UI
  * Ticket 50327 - Add replication conflict entry support to lib389/CLI
  * Ticket 50329 - improve connection default parameters
  * Issue: 50313 - Add a NestedRole type to lib389
  * Issue:50112 - Port ACI test suit from TET to python3(Delete and  Add)
  * Ticket 49390, 50019 - support cn=config compare operations
  * Issue 50041 - Add the rest UI Plugin tabs - Part 1
  * Ticket 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS
  * Ticket 49990 - Increase the default FD limits
  * Ticket 50306 - (cont typo) Move connection config inside struct
  * Ticket 50291 - Add monitor tab functionality to Cockpit UI
  * Fix cockpit console AppStream data
  * Ticket 50317 - fix ds-backtrace issue on latest gdb
  * Ticket 50305 - Revise CleanAllRUV task restart process
  * Fix typo from: Issue 49915 - Add regression test
  * Issue 50026 - Audit log does not capture the operation where nsslapd-lookthroughlimit is modified
  * Ticket 49899 - fix pin.txt and pwdfile permissions
  * Issue 49915 - Add regression test
  * Ticket 50303 - Add task creation date to task data
  * Ticket 50306 - Move connection config inside struct
  * Ticket 50240 - Improve task logging
  * Issue 50032 - Fix deprecation warnings in tests
  * Ticket 50310 - fix sasl header include
  * Ticket 49390 - improve compare and cn=config compare tests
- fix permissions handling (boo#1120189)
- Update to version 1.4.1.2~git0.9a126614a:
  * Removes sysconfig from RPM as we no longer create it to detect
    instance existance or settings. Older installs will still have
    their sysconfig parsed, but new installs should use systemd
    environment variables.
  * Bump version to 1.4.1.2
  * Ticket 50308 - Revise memory leak fix
  * Ticket 50308 - Fix memory leaks for repeat binds and replication
  * Use PKG_CHECK_MODULES to detect the systemd library
  * Use PKG_CHECK_MODULES to detect the kerberos library
  * Use pkg-config from the host system to better support cross-compiling
  * Use PKG_CHECK_MODULES to detect the libsasl2 library
  * configure.ac: Add missing comma to an AC_ARG_ENABLE macro
  * configure.ac: Remove unpaired parentheses from two help strings
  * m4/doxygen.m4: Fix spelling of Doxygen in a message
  * Use PKG_CHECK_MODULES to detect the pcre library
  * Use PKG_CHECK_MODULES to detect the cmocka library
  * Use PKG_CHECK_MODULES to detect the nss library
  * Use PKG_CHECK_MODULES to detect the nspr library
  * Use PKG_CHECK_MODULES to detect the event library
  * Ticket 49873 - (cont 3rd) cleanup debug log
  * Ticket 49873 - (cont 2nd) Contention on virtual attribute lookup
  * Issue 50292 - Fix Plugin CLI and UI issues
  * Issue:50112 - Port ACI test suit from TET to python3(misc and syntax)
  * Ticket 50289 - Fix various database UI issues
  * Ticket 49463 After cleanALLruv, replication is looping on keep alive DEL
  * Ticket 50300 - Fix memory leak in automember plugin
  * Ticket 50265: the warning about skew time could last forever
  * Ticket 50260 - Invalid cache flushing improvements
  * Ticket 49561 - MEP plugin, upon direct op failure, will delete twice the same managed entry
  * Ticket 50077 - Do not automatically turn automember postop modifies on
  * Ticket 50282 - OPERATIONS ERROR when trying to delete a group with automember members
  * Ticket 49715 - extend account functionality
  * Ticket 49873: (cont) Contention on virtual attribute lookup
  * Ticket 50260 - backend txn plugins can corrupt entry cache
  * Ticket 50255 - Port password policy test to use DSLdapObject
  * Ticket 49667 - 49668 - remove old spec files
  * Issue 50276 - 389-ds-console is not built on RHEL8 if cockpit_dist is already present
  * Issue: 50112 - Port ACI test suit from TET to python3(Search)
  * Ticket 50259 - implement dn construction test
  * Ticket 50273 - reduce default replicaton agmt timeout
  * Ticket 50208 - lib389- Fix issue with list all instances
  * Issue: 50112 - Port ACI test suit from TET to python3(Global Group)
  * Issue 50041 - Add CLI functionality for special plugins
  * Issue 50263 - LDAPS port not listening after installation
  * Ticket 49575 - Indicate autosize value errors and corrective actions
  * Ticket 50137 - create should not check in non-stateful mode for exist
  * Ticket 49655 - remove doap file
  * Issue 50197 - Fix dscreate regression
  * Ticket 50234 - one level search returns not matching entry
  * Ticket 50257 - lib389 - password policy user vs subtree checks are broken
  * Issue: 50253 -  Making an nsManagedRoleDefinition type in src/lib389/lib389/idm/nsrole.py
  * Issue 49029 - [RFE] improve internal operations logging
  * Ticket 50230 - improve ioerror msg when not root/dirsrv
  * Issue 50246 - Fix the regression in old control tools
  * Ticket 50197 - Container integration part 2
  * Ticket 50197 - Container init tools
  * Ticket 50232 - export creates not importable ldif file
  * Ticket 50215 - UI - implement Database Tab in reachJS
  * Ticket 50243 - refint modrdn stress test
  * Ticket 50238 - Failed modrdn can corrupt entry cache
  * Ticket 50236 - memberOf should be more robust
  * Ticket 50213 - fix list instance issue
  * Issue: 50219 - Add generic filter to DSLdapObjects
  * Issue: 50227 - Making an cosClassicDefinition type in src/lib389/lib389/cos.py
  * Issue: 50112 - Port ACI test suit from TET to python3(modify)
  * Ticket 50224 - warnings on deprecated API usage
  * Issue:50112 - Port ACI test suit from TET to python3(valueaci)
  * Issue: 50112 Port ACI test suit from TET to python3(Aci Atter)
  * Ticket 50208 - make instances mark off based on dse.ldif not sysconfig
  * Issue: 50170 - composable object types for nsRole in lib389
  * Ticket 50199 - disable perl by default
  * Issue:50211 - Making an actual Anonymous type in lib389/idm/account.py
  * Ticket 50155 - password history check has no way to just check the current password
  * Ticket 49873 - Contention on virtual attribute lookup
  * Ticket 50197 - Container integration improvements
  * Ticket 50195 - improve selinux error messages in interactive
  * Ticket 49658 - In replicated topology a single-valued attribute can diverge
  * Ticket 50111: Use pkg-config to detect icu
  * Ticket 50165 - Fix issues with dscreate
  * Ticket 50177 - import task should not be deleted too rapidely after import finishes to be able to query the status
  * Ticket 50140 - Use high ports in container installs
  * Ticket 50184 - Add cli tool parity to dsconf/dsctl
  * Ticket 50159 - sssd and config display
- Remove a pair of %if..%endif guards that do not affect the build.
- Updates to 389-ds.spec
  - Make lib389 a requirement of 389-ds installs
  - Disable shell script wrappers that have be replaced by dsctl/dsconf
  - Disable perl in spec file build. For replacement tools see:
      http://www.port389.org/docs/389ds/FAQ/legacy-command-changes.html
  - Remove patches that have been merged by upstream
  - Removed: 0001-init_fhs.patch - merged by upstream
  - Removed: 0002-use-python2-for-selinux-detection.patch - merged
    by upstream
  - Removed: drop-caps.patch - merged by upstream
  - Commented requires and recommendes in 389-ds.spec
  - cyrus-sasl-plain added as a requirement as it is the only plaintext
    or start TLS secure method for password auth (LDAPS is always secure)
  - cyrus-sasl-gssapi moved to recommends as it is not always required
  - cyrus-sasl-digestmd5 moved to recommends, as it is insecure and not
    always required
  - openldap2-client moved to recommends on lib389 as a supplement to
    ldap command line tools that we provide, but not necessary
  - python3-selinux and python3-policycoreutils moved to recommends
    as they are not required, and only give "nice to have" features
    during install of an instance
- Update to version 1.4.1.1~git0.af9bb7206:
  * Bump version to 1.4.1.1
  * Ticket 50151 - lib389 support cli add/replace/delete on objects
  * Issue 50041 - CLI and WebUI - Add memberOf plugin functionality
  * Bump version to 1.4.1.0
  * Ticket 50125 - perl fix ups for tmpfiles
  * Ticket 50164 - Add test for dscreate
  * Fix for ticket 50059: If an object is nsds5replica, it must be cn=replica
  * Ticket 50169 - lib389 changed hardcoded systemctl path
  * Ticket 50165 - Fix dscreate issues
  * Issue 50152 - Replace os.getenv('HOME') with os.path.expanduser
  * Fix compiler warning in snmp main()
  * Ticket - Fix compiler warning in init.c
  * Ticket 49540 - FIx compiler warning in ldif2ldbm
  * Ticket 50169 - lib389 changed hardcoded systemctl path
  * Ticket 50165 - Fix dscreate issues
  * Issue 50152 - Replace os.getenv('HOME') with os.path.expanduser
  * Ticket 49540 - FIx compiler warning in ldif2ldbm
  * Ticket 50077 - Fix compiler warnings in automember rebuild task
  * Ticket 49972 - use-after-free in case of several parallel krb
  * authentication
  * Ticket 50161 - Fixed some descriptions in "dsconf backend --help"
  * Ticket 50153 - Increase default max logs
  * Ticket 50123 - with_tmpfiles_d is associated to systemd
  * Ticket 49984 - python installer add option to create suffix entry
  * Ticket 49984 - python installer add option to create suffix entry
  * Ticket 50077 - RFE - improve automember plugin to work with
  * modify ops
  * Ticket 50136 - Allow resetting passwords on the CLI
  * Ticket 49994 - Adjust dsconf backend usage
  * Ticket 50138 - db2bak.pl -P LDAPS does not work when
  * nsslapd-securePort is missing
  * Ticket 50122 - Fix incorrect path spec
  * Issue 50145 - Add a verbose option to the backup tools
  * Ticket 50056 - dsctl db2ldif throws an exception
  * Ticket 50078 - cannot add cenotaph in read only consumer
  * Ticket 50126 - Incorrect usage of sudo in test
  * Issue 50130 - Building RPMs on RHEL8 fails
  * Ticket 50134 - fixup-memberof.pl does not respect protocol requested
  * Issue 50122 - Selinux test for presence
  * Issue 50101 -  Port fourwaymmr Test TET suit to python3
  * Issue 50091 - shadowWarning is not generated if passwordWarning
  * is lower than 86400 seconds (1 day).
  * Ticket 50128 - NS Stress fails without ipv6
  * Issue 49618 - Set nsslapd-cachememsize to custom value
  * Ticket 50117 - after certain failed import operation, impossible
  * to replay an import operation
  * Ticket 49999 - rpm.mk dist-bz2 should clean cockpit_dist first
  * Issue 48064 - Fix various issues in disk monitoring test suite
  * Issue 49938 - lib389 - Clean up CLI logging
  * Issue 49761 - Fix CI test suite issues
  * Ticket 50056 - Fix UI bugs (part 2)
  * Issue: 48064 - CI test - disk_monitoring
  * Ticket 50099 - extend error messages
  * Ticket 50099 - In FIPS mode, the server can select an unsupported
  * password storage scheme
  * Issue 50041 - Add basic plugin UI/CLI wrappers
  * Issue 50082 - Port state test suite
  * Ticket 49574 - remove index subsystem
  * Issue 49588 - Add py3 support for tickets : part-5
  * Ticket 50095 - cleanup deprecated key.h includes
- use lib389 on 15.0 and up. now that we do not hardrequire the
  python selinux bindings anymore

-------------------------------------------------------------------
Fri Aug  9 02:15:50 UTC 2019 - William Brown <william.brown@suse.com>

- Update specfile to be inline with the OpenSUSE spec file
  * include future-configurations in the spec which are not active until 15.2
    * lib389 (upstream requirement from 1.4.0)
    * rust (upstream requirement from 1.4.2)
    * removal of perl (upstream has not supported perl in any 1.4.x release)
  * resolve missing svrcore obsoletes statement and pkg configuration
    (bsc#1144797)

-------------------------------------------------------------------
Thu Aug 01 04:19:39 UTC 2019 - 389-ds-maintainer@suse.de

- Update to version 1.4.0.26~git0.8a2d3de6f:
  * Bump version to 1.4.0.26
  * Issue 50499 - Fix audit issues and remove jquery from the whitelist
  * Issue 50355 - SSL version min and max not correctly applied
  * Issue 50325 - Add Security tab to UI
  * Issue 50177 - Add a new CI test case, also added fixes in lib389
  * Bump version to 1.4.0.25
  * Issue 50431 - Fix regression from coverity fix
  * Bump version to 389-ds-base-1.4.0.24
  * Fix cherry-pick error from last commit
  * Issue 50052 - Fix rpm.mk according to audit-ci change
  * Issue 50276 - 389-ds-console is not built on RHEL8 if cockpit_dist is already present
  * Issue 50041 - Add the rest UI Plugin tabs - Part 1
  * Ticket 50217 -  Implement dsconf security section
  * Issue 49602 - Revise replication status messages
  * Issue 50431 - Fix regression from coverity fix
  * Ticket 50431 - Fix covscan warnings
  * Issue 50426 - nsSSL3Ciphers is limited to 1024 characters
  * Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request"
  * Ticket 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to TLS
  * Ticket 50413 - ds-replcheck - Always display the Result Summary
  * Ticket 50355 -  NSS can change the requested SSL min and max versions
  * Bump version to 1.4.0.23
  * Issue 50041 - Add the rest UI Plugin tabs - Part 2
  * Ticket 50340 - 2nd try - structs for diabled plugins will not be freed
  * Ticket 50393 - maxlogsperdir accepting negative values
  * Ticket 50396 - Crash in PAM plugin when user does not exist
  * Issue 50390 - Add Managed Entries Plug-in Config Entry schema
  * Ticket 50251 - clear text passwords visable in CLI verbose mode logging
  * Ticket 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients
  * Ticket 50370 -  CleanAllRUV task crashing during server shutdown
  * Ticket 50340 cont - structs for disabled plugins will not be freed
  * Ticket 50363 - ds-replcheck incorrectly reports error out of order multi-valued attributes
  * Ticket 50329 - revert fix
  * Ticket 50340 - structs for diabled plugins will not be freed
  * Ticket 50327 - Add replication conflict support to UI
  * Ticket 50327 - Add replication conflict entry support to lib389/CLI
  * Ticket 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS
  * Ticket 49990 - Increase the default FD limits
  * Ticket 50291 - Add monitor tab functionality to Cockpit UI
  * Fix cockpit console AppStream data
  * Ticket 50305 - Revise CleanAllRUV task restart process
  * Ticket 50303 - Add task creation date to task data
  * Ticket 50240 - Improve task logging


-------------------------------------------------------------------
Tue Apr 16 01:19:05 UTC 2019 - 389-ds-maintainer@suse.de

- Update to version 1.4.0.22~git0.9d84a40dd:
  * Bump version to 1.4.0.22 which resolves:
    * (bsc#1120189)
    * (bsc#991201, CVE-2016-5416)
    * (bsc#1083689, CVE-2018-1054)
    * (bsc#1092187, CVE-2018-1089)
    * (bsc#1099465, CVE-2018-10871)
    * (bsc#1108674, CVE-2018-14638)
    * (bsc#1109609, CVE-2018-14648)
    * (bsc#1132385, CVE-2019-3883)
    * (bsc#1105606, CVE-2018-10935)
  * Ticket 50308 - Revise memory leak fix
  * Ticket 50308 - Fix memory leaks for repeat binds and replication
  * Ticket 49873 - (cont 3rd) cleanup debug log
  * Ticket 49873 - (cont 2nd) Contention on virtual attribute lookup
  * Issue 50292 - Fix Plugin CLI and UI issues
  * Ticket 50289 - Fix various database UI issues
  * Ticket 50300 - Fix memory leak in automember plugin
  * Ticket 50265: the warning about skew time could last forever
  * Ticket 50260 - Invalid cache flushing improvements
  * Remove obsolete patch 0001-init_fhs.patch
  * Remove obsolete patch 0002-use-python2-for-selinux-detection.patch
  * Remove obsolete patch 0003-fix-rm-non-existent-man-pages.patch
  * Remove obsolete patch simplify-lib389-setup-py.patch
  * Remove obsolete patch tw.patch
  * Remove obsolete patch 0006-under-network-load-ps-can-decrease-connection-refcnt.patch
  * Remove obsolete patch 0007-fix-remote-dos-via-search-filters-in-slapi_filter_sprintf.patch
  * Remove obsolete patch 0008-invalid-password-migration-causes-unauth-bind.patch
  * Remove obsolete patch 0009-ldapsearch-with-server-side-sort-crashes-the-server.patch
  * Remove obsolete patch 0010-Log-buffer-exceeded-emergency-logging-msg-is-not-thread-safe.patch

-------------------------------------------------------------------
Tue Sep 11 12:47:02 UTC 2018 - varkoly@suse.com

- Introduce patch:
  0010-Log-buffer-exceeded-emergency-logging-msg-is-not-thread-safe.patch 
  to fix the issue "389-ds: Server crash through modify command with large DN"
  (bsc#1106699, CVE-2018-14624)

-------------------------------------------------------------------
Wed Aug 22 13:26:15 UTC 2018 - varkoly@suse.com

- Introduce patch:
  0009-ldapsearch-with-server-side-sort-crashes-the-server.patch
  to fix the issue that ldapsearch with server side sort allows 
  users to cause a crash (bsc#1105606, CVE-2018-10935)

-------------------------------------------------------------------
Tue Jul 31 14:36:51 UTC 2018 - dakechi@suse.com

- Introduce patches:
 * 0006-under-network-load-ps-can-decrease-connection-refcnt.patch
   to fix the race condition on reference counter (bsc#1096368,
   CVE-2018-10850)
 * 0007-fix-remote-dos-via-search-filters-in-slapi_filter_sprintf.patch
   (bsc#1076530, CVE-2017-15134)
 * 0008-invalid-password-migration-causes-unauth-bind.patch
   (bsc#1076530, CVE-2017-15135)

-------------------------------------------------------------------
Mon Feb 19 13:01:04 UTC 2018 - hguo@suse.com

- Explicitly generate dirsrv sysconfig file as it is necessary for
  SLES 15 (bsc#1081324).

-------------------------------------------------------------------
Fri Feb  2 01:31:25 UTC 2018 - mrueckert@suse.de

- switch lib389 to use the python3-ldap subpackage

-------------------------------------------------------------------
Wed Jan 31 13:28:21 UTC 2018 - hguo@suse.com

- For SLES 15 schedule, do not build lib389 programmable extension
  for now.

-------------------------------------------------------------------
Wed Jan 31 11:13:17 UTC 2018 - dimstar@opensuse.org

- BuildRequire python3-ldap instead of python3-pyldap: pyldap is
  deprecated in favor of python-ldap.

-------------------------------------------------------------------
Tue Jan 30 14:19:15 UTC 2018 - hguo@suse.com

- Rename dependency package python-pyldap into python3-pyldap.

-------------------------------------------------------------------
Mon Jan 29 15:20:10 UTC 2018 - hguo@suse.com

- Correct name to dependency package "python-pyldap".

-------------------------------------------------------------------
Thu Jan 25 15:09:41 UTC 2018 - hguo@suse.com

- Introduce patch 0003-fix-rm-non-existent-man-pages.patch to remove
  a faulty rm statement from makefile.

-------------------------------------------------------------------
Sun Jan 14 02:59:15 UTC 2018 - mrueckert@suse.de

- add tw.patch to fix potential buffer overflow

-------------------------------------------------------------------
Tue Dec  5 14:45:57 UTC 2017 - rbrown@suse.com

- Replace references to /var/adm/fillup-templates with new 
  %_fillupdir macro (boo#1069468) 

-------------------------------------------------------------------
Mon Nov 20 22:34:46 UTC 2017 - mrueckert@suse.de

- added simplify-lib389-setup-py.patch
  seems the python3 setuptools on leap 42.3 do not like this fancy
  syntax. kill it and always use the python 3 way.

-------------------------------------------------------------------
Mon Nov 20 22:15:45 UTC 2017 - mrueckert@suse.de

- update to 1.4.0.3
  - Ticket 49457 - Fix spal_meminfo_get function prototype
  - Ticket 49455 - Add tests to monitor test suit.
  - Ticket 49448 - dynamic default pw scheme based on environment.
  - Ticket 49298 - fix complier warn
  - Ticket 49298 - Correct error codes with config restore.
  - Ticket 49454 - SSL Client Authentication breaks in FIPS mode
  - Ticket 49453 - passwd.py to use pwdhash defaults.
  - Ticket 49427 - whitespace in fedse.c
  - Ticket 49410 - opened connection can remain no longer poll,
    like hanging
  - Ticket 48118 - fix compiler warning for incorrect return type
  - Ticket 49451 - Add environment markers to lib389 dependencies
  - Ticket 49325 - Proof of concept rust tqueue in sds
  - Ticket 49443 - scope one searches in 1.3.7 give incorrect
    results
  - Ticket 48118 - At startup, changelog can be erronously rebuilt
    after a normal shutdown
  - Ticket 49412 - SIGSEV when setting invalid changelog config
    value
  - Ticket 49441 - Import crashes - oneline fix
  - Ticket 49377 - Incoming BER too large with TLS on plain port
  - Ticket 49441 - Import crashes with large indexed binary
    attributes
  - Ticket 49435 - Fix NS race condition on loaded test systems
  - Ticket 77 - lib389 - Refactor docstrings in rST format - part 2
  - Ticket 17 - lib389 - dsremove support
  - Ticket 3 - lib389 - python 3 compat for paged results test
  - Ticket 3 - lib389 - Python 3 support for memberof plugin test
    suit
  - Ticket 3 - lib389 - config test
  - Ticket 3 - lib389 - python 3 support ds_logs tests
  - Ticket 3 - lib389 - python 3 support for betxn test

-------------------------------------------------------------------
Sat Nov 11 00:53:42 UTC 2017 - mrueckert@suse.de

- we actually need pyldap

-------------------------------------------------------------------
Fri Nov 10 23:50:29 UTC 2017 - mrueckert@suse.de

- lib389 is merged into this tarball now. move the subpackage here.

-------------------------------------------------------------------
Fri Nov 10 22:45:23 UTC 2017 - mrueckert@suse.de

- update to 1.4.0.2
  - Ticket 48393 - fix copy and paste error
  - Ticket 49439 - cleanallruv is not logging information
  - Ticket 48393 - Improve replication config validation
  - Ticket lib389 3 - Python 3 support for ACL test suite
  - Ticket 103 - sysconfig not found
  - Ticket 49436 - double free in COS in some conditions
  - Ticket 48007 - CI test to test changelog trimming interval
  - Ticket 49424 - Resolve csiphash alignment issues
  - Ticket lib389 3 - Python 3 support for
    pwdPolicy_controls_test.py
  - Ticket 3 - python 3 support - filter test
  - Ticket 49434 - RPM build errors
  - Ticket 49432 - filter optimise crash
  - Ticket 49432 - Add complex fliter CI test
  - Ticket 48894 - harden valueset_array_to_sorted_quick valueset
    access
  - Ticket 49401 - Fix compiler incompatible-pointer-types warnings
  - Ticket 48681 - Use of uninitialized value in string ne at
    /usr/bin/logconv.pl
  - Ticket 49409 - Update lib389 requirements
  - Ticket 49401 - improve valueset sorted performance on delete
  - Ticket 49374 - server fails to start because maxdisksize is
    recognized incorrectly
  - Ticket 49408 - Server allows to set any nsds5replicaid in the
    existing replica entry
  - Ticket 49407 - status-dirsrv shows ellipsed lines
  - Ticket 48681 - Use of uninitialized value in string ne at
    /usr/bin/logconv.pl
  - Ticket 49386 - Memberof should be ignore MODRDN when the
    pre/post entry are identical
  - Ticket 48006 - Missing warning for invalid replica backoff
    configuration
  - Ticket 49064 - testcase hardening
  - Ticket 49064 - RFE allow to enable MemberOf plugin in dedicated
    consumer
  - Ticket lib389 3 - python 3 support
  - Ticket 49402 - Adding a database entry with the same database
    name that was deleted hangs server at shutdown
  - Ticket 48235 - remove memberof lock (cherry-pick error)
  - Ticket 49394 - build warning
  - Ticket 49381 - Refactor numerous suite docstrings - Part 2
  - Ticket 49394 - slapi_pblock_get may leave unchanged the
    provided variable
  - Ticket 49403 - tidy ns logging
  - Ticket 49381 - Refactor filter test suite docstrings
  - Ticket 48235 - Remove memberOf global lock
  - Ticket 103 - Make sysconfig where it is expected to exist
  - Ticket 49400 - Add clang support to rpm builds
  - Ticket 49381 - Refactor ACL test suite docstrings
  - Ticket 49363 - Merge lib389
  - Ticket 101 - BaseException.message has been deprecated in
    Python3
  - Ticket 102 - referral support
  - Ticket 99 - Fix typo in create_topology
  - Ticket #98 - Fix dbscan output
  - Ticket #77 - Fix changelogdb param issue
  - Ticket #77 - Refactor docstrings in rST format - part 1
  - Ticket 96 - Change binaries’ names
  - Ticket 77 - Add sphinx documentation
  - Ticket 43 - Add support for Referential Integrity plugin
  - Ticket 45 - Add support for Rootdn Access Control plugin
  - Ticket 46 - dsconf support for dynamic schema reload
  - Ticket 74 - Advice users to set referint-update-delay to 0
  - Ticket 92 - display_attr() should return str not bytes in py3
  - Ticket 93 - Fix test cases in ctl_dbtasks_test.py
  - Ticket 88 - python install and remove for tests
  - Ticket 85 - Remove legacy replication attribute
  - Ticket 91 - Fix replication topology
  - Ticket 89 - Fix inconsistency with serverid
  - Ticket 79 - Fix replica.py and add tests
  - Ticket 86 - add build dir to gitignore
  - Ticket 83 - Add an util for generating instance parameters
  - Ticket 87 - Update accesslog regec for HR etimes
  - Ticket 49 - Add support for whoami plugin
  - Ticket 48 - Add support for USN plugin
  - Ticket 78 - Add exists() method to DSLdapObject
  - Ticket 31 - Allow complete removal of some memberOf attrs
  - Ticket31 - Add memberOf fix-up task
  - Ticket 67 - Add ensure_int function
  - Ticket 59 - lib389 support for index management.
  - Ticket 67 - get attr by type
  - Ticket 70 - Improve repl tools
  - Ticket 50 - typo in db2* in dsctl
  - Ticket 31 - Add status command and SkipNested support for
    MemberOf
  - Ticket 31 - Add functional tests for MemberOf plugin
  - Ticket 66 - expand healthcheck for Directory Server
  - Ticket 69 - add specfile requires
  - Ticket 31 - Initial MemberOf plugin support
  - Ticket 50 - Add db2* tasks to dsctl
  - Ticket 65 - Add m2c2 topology
  - Ticket 63 - part 2, agreement test
  - Ticket 63 - lib389 python 3 fix
  - Ticket 62 - dirsrv offline log
  - Ticket 60 - add dsrc to dsconf and dsidm
  - Ticket 32 - Add TLS external bind support for testing
  - Ticket 27 - Fix get function in tests
  - Ticket 28 - userAccount for older versions without nsmemberof
  - Ticket 27 - Improve dseldif API
  - Ticket 30 - Add initial support for account lock and unlock.
  - Ticket 29 - fix incorrect format in tools
  - Ticket 28 - Change default objectClasses for users and groups
  - Ticket 1 - Fix missing dn / rdn on config.
  - Ticket 27 - Add a module for working with dse.ldif file
  - Ticket 1 - cn=config comparison
  - Ticket 21 - Missing serverid in dirsrv_test due to incorrect
    allocation
  - Ticket 26 - improve lib389 sasl support
  - Ticket 24 - Join paths using os.path.join instead of string
    concatenation
  - Ticket 25 - Fix RUV repr function
  - Ticket 23 - Use DirSrv.exists() instead of manually checking
    for instance’s existence
  - Ticket 1 - cn=config comparison
  - Ticket 22 - Specify a basedn parameter for IDM modules
  - Ticket 19 - missing readme.md in python3
  - Ticket 20 - Use the DN_DM constant instead of hard coding its
    value
  - Ticket 19 - Missing file and improve make
  - Ticket 14 - Remane dsadm to dsctl
  - Ticket 16 - Reset InstScriptsEnabled argument during the init
  - Ticket 14 - Remane dsadm to dsctl
  - Ticket 13 - Add init function to create new domain entries
  - Ticket 15 - Improve instance configuration ability
  - Ticket 10 - Improve command line tool arguments
  - Ticket 9 - Convert readme to MD
  - Ticket 7 - Add pause and resume methods to topology fixtures
  - Ticket 49172 - Allow lib389 to read system schema and instance
  - Ticket 49172 - Allow lib389 to read system schema and instance
  - Ticket 6 - Bump lib389 version 1.0.4
  - Ticket 5 - Fix container build on fedora
  - Ticket 4 - Cert detection breaks some tests
  - Ticket 49137 - Add sasl plain tests, lib389 support
  - Ticket 2 - pytest mark with version relies on root
  - Ticket 49126 - DIT management tool
  - Ticket 49101 - Python 2 generate example entries
  - Ticket 49103 - python 2 support for installer
  - Ticket 47747 - Add topology_i2 and topology_i3
  - Ticket 49087 - lib389 resolve jenkins issues
  - Ticket 48413 - Improvements to lib389 for rest
  - Ticket 49083 - Support prefix for discovery of the defaults.inf
    file.
  - Ticket 49055 - Fix debugging mode issue
  - Ticket 49060 - Increase number of masters, hubs and consumers
    in topology
  - Ticket 47747 - Add more topology fixtures
  - Ticket 47840 - Add InstScriptsEnabled argument
  - Ticket 47747 - Add topology fixtures module
  - Ticket 48707 - Implement draft-wibrown-ldapssotoken-01
  - Ticket 49022 - Lib389, py3 installer cannot create entries in
    backend
  - Ticket 49024 - Fix paths to the dbdir parent
  - Ticket 49024 - Fix db_dir paths
  - Ticket 49024 - Fix paths in tools module
  - Ticket 48961 - Fix lib389 minor issues shown by 48961 test
  - Ticket 49010 - Lib389 fails to start with systemctl changes
  - Ticket 49007 - lib389 fixes for paths to use online values
  - Ticket 49005 - Update lib389 to work in containers correctly.
  - Ticket 48991 - Fix lib389 spec for python2 and python3
  - Ticket 48984 - Add lib389 paths module
  - Ticket 48951 - dsadm dsconfig status and plugin
  - Ticket 47957 - Update the replication “idle” status string
  - Ticket 48951 - dsadm and dsconf base files
  - Ticket 48952 - Restart command needs a sleep
  - Ticket 48949 - Fix ups for style and correctness
  - Ticket 48949 - added copying slapd-collations.conf
  - Ticket 48949 - change default file path generation - use
    os.path.join
  - Ticket 48949 - os.makedirs() exist_ok not python2 compatible,
    added try/except
  - Ticket 48949 - configparser fallback not python2 compatible
  - Ticket 48946 - openConnection should not fully popluate DirSrv
    object
  - Ticket 48832 - Add DirSrvTools.getLocalhost() function
  - Ticket 48382 - Fix serverCmd to get sbin dir properly
  - Bug 1347760 - Information disclosure via repeated use of LDAP
    ADD operation, etc.
  - Ticket 48937 - Cleanup valgrind wrapper script
  - Ticket 48923 - Fix additional issue with serverCmd
  - Ticket 48923 - serverCmd timeout not working as expected
  - Ticket 48917 - Attribute presence
  - Ticket 48911 - Plugin improvements for lib389
  - Ticket 48911 - Improve plugin support based on new mapped
    objects
  - Ticket 48910 - Fixes for backend tests and lib389 reliability.
  - Ticket 48860 - Add replication tools
  - Ticket 48888 - Correction to create of dsldapobject
  - Ticket 48886 - Fix NSS SSL library in lib389
  - Ticket 48885 - Fix spec file requires
  - Ticket 48884 - Bugfixes for mapped object and new connections
  - Ticket 48878 - better style for backend in backend_test.py
  - Ticket 48878 - pep8 fixes part 2
  - Ticket 48878 - pep8 fixes and fix rpm to build
  - Ticket 48853 - Prerelease installer
  - Ticket 48820 - Begin to test compatability with py.test3, and
    the new orm
  - Ticket 48434 - Fix for negative tz offsets
  - Ticket 48857 - Remove python-krbV from lib389
  - Ticket 48820 - Fix tests to ensure they work with the new
    object types
  - Ticket 48820 - Move Encryption and RSA to the new object types
  - Ticket 48820 - Proof of concept of orm style mapping of configs
    and objects
  - Ticket 48820 - Clitool rename
  - Ticket 48431 - lib389 integrate ldclt
  - Ticket 48434 - lib389 logging tools
  - Ticket 48796 - add function to remove logs
  - Ticket 48771 - lib389 - get ns-slapd version
  - Ticket 48830 - Convert lib389 to ip route tools
  - Ticket 48763 - backup should run regardless of existing
    backups.
  - Ticket 48434 - lib389 logging tools
  - Ticket 48798 - EL6 compat for lib389 tests for DH params
  - Ticket 48798 - lib389 add ability to create nss ca and
    certificate
  - Ticket 48433 - Aci linting tools
  - Ticket 48791 - format args in server tools
  - Ticket 48399 - Helper makefile is missing mkdir dist
  - Ticket 48399 - Helper makefile is missing mkdir dist
  - Ticket 48794 - lib389 build requires are on a single line
  - Ticket 48660 - Add function to convert binary values in an
    entry to base64
  - Ticket 48764 - Fix mit krb password to be random.
  - Ticket 48765 - Change default ports for standalone topology
  - Ticket 48750 - Clean up logging to improve command experience
  - Ticket 48751 - Improve lib389 ldapi support
  - Ticket 48399 - Add helper makefile to lib389 to build and
    install
  - Ticket 48661 - Agreement test suite fails at the test_changes
    case
  - Ticket 48407 - Add test coverage module for lib389 repo
  - Ticket 48357 - clitools should standarise their args
  - Ticket 48560 - Make verbose handling consistent
  - Ticket 48419 - getadminport() should not a be a static method
  - Ticket 48408 - RFE escaped default suffix for tests
  - Ticket 48401 - Revert typecheck
  - Ticket 48401 - lib389 Entry hasAttr returs dict instead of
    false
  - Ticket 48390 - RFE Improvements to lib389 monitor features for
    rest389
  - Ticket 48358 - Add new spec file
  - Ticket 48371 - weaker host check on localhost.localdomain
  - Ticket 58358 - Update spec file with pre-release versioning
  - Ticket 48358 - Make Fedora packaging changes to the spec file
  - Ticket 48358 - Prepare lib389 for Fedora Packaging
  - Ticket 48364 - Fix test failures
  - Ticket 48360 - Refactor the delete agreement function
  - Ticket 48361 - Expand 389ds monitoring capabilities
  - Ticket 48246 - Adding license/copyright to lib389 files
  - Ticket 48340 - Add basic monitor support to lib389
    https://fedorahosted.org/389/ticket/48340
  - Ticket 48353 - Add Replication REST support to lib389
  - Ticket 47840 - Fix regression
  - Ticket 48343 - lib389 krb5 realm management
    https://fedorahosted.org/389/ticket/48343
  - Ticket 47840 - fix lib389 to use sbin scripts
    https://fedorahosted.org/389/ticket/47840
  - Ticket 48335 - Add SASL support to lib389
  - Ticket 48329 - Fix case-senstive scyheam comparisions
  - Ticket 48303 - Fix lib389 broken tests
  - Ticket 48329 - add matching rule functions to schema module
  - Ticket 48324 - fix boolean capitalisation (one line)
    https://fedorahosted.org/389/ticket/48324
  - Ticket 48321 - Improve is_a_dn check to prevent mistakes with
    lib389 auth https://fedorahosted.org/389/ticket/48321
  - Ticket 48322 - Allow reindex function to reindex all attributes
  - Ticket 48319 - Fix ldap.LDAPError exception processing
  - Ticket 48318 - Do not delete a changelog while disabling a
    replication by suffix
  - Ticket 48308 - Add eq and ne to Entry to allow fast comparison
    https://fedorahosted.org/389/ticket/48308
  - Ticket 48303 - Fix lib389 broken tests - backend_test
  - Ticket 48309 - Fix lib389 lib imports
  - Ticket 48303 - Fix lib389 broken tests - agreement_test
  - Ticket 48303 - Fix lib389 broken tests - aci_parse_test
  - Ticket 48301 - add tox support
  - Ticket 48204 - update lib389 for python3
  - Ticket 48273 - Improve valgrind functions
  - Ticket 48271 - Fix for self.prefix being none when
    SER_DEPLOYED_DIR is none
    https://fedorahosted.org/389/ticket/48271
  - Ticket 48259 - Add aci parsing utilities to lib389
  - Ticket 48252 - (lib389) adding get_bin_dir and dbscan
  - Ticket 48247 - Change the default user to ‘dirsrv’
  - Ticket 47848 - Add new function to create ldif files
  - Ticket 48239 - Fix for prefix allocation of un-initialised
    dirsrv objects
  - Ticket 48237 - Add lib389 helper to enable and disable logging
    services.
  - Ticket 48236 - Add get effective rights helper to lib389
  - Ticket 48238 - Add objectclass and attribute type query
    mechanisms
  - Ticket 48029 - Add missing replication related functions
  - Ticket 48028 - add valgrind wrapper for ns-slapd
  - Ticket 48028 - lib389 - add valgrind functions
  - Ticket 48022 - lib389 - Add all the server tasks
  - Ticket 48023 - create function to test replication between
    servers
  - Ticket 48020 - lib389 - need to reset args_instance with every
    DirSrv init
  - Ticket 48000 - Repl agmts need more time to stop
  - Ticket 48004 - Fix various issues
  - Ticket 48000 - replica agreement pause/resume should have a
    short sleep
  - Ticket 47990 - Add check for “.removed” instances when doing an
    upgrade
  - Ticket 47990 - Add “upgrade” function to lib389
  - Ticket 47691 - using lib389 with RPMs
  - Ticket 47848 - Add support for setuptools.
  - Ticket 47855 - Add function to clear tmp directory
  - Ticket 47851 - Need to retrieve tmp directory path
  - Ticket 47845 - add stripcsn option to tombstone fixup task
  - Ticket 47851 - Add function to retrieve dirsrvtests data
    directory
  - Ticket 47845 - Add backup/restore/fixup tombstone tasks to
    lib389
  - Ticket 47819 - Add the new precise tombstone purging config
    attribute
  - Ticket 47695 - Add plugins/tasks/Index
  - Ticket 47648 - lib389 - add schema classes, methods
  - Ticket 47671 - CI lib389: allow to open a DirSrv without having
    to create the instance
  - Ticket 47600 - Replica/Agreement/Changelog not conform to the
    design
  - Ticket 47652 - replica add fails: MT.list return a list not an
    entry
  - Ticket 47635 - MT/Backend/Suffix to be conform with the design
  - Ticket 47625 - CI lib389: DirSrv not conform to the design
  - Ticket 47595 - fail to detect/reinit already existing
    instance/backup
  - Ticket 47590 - CI tests: add/split functions around replication
  - Ticket 47584 - CI tests: add backup/restore of an instance
  - Ticket 47578 - CI tests: removal of ‘sudo’ and absolute path in
    lib389
  - Ticket 47568 - Rename DSAdmin class
  - Ticket 47566 - Initial import of DSadmin into 389-test repos

-------------------------------------------------------------------
Tue Oct 24 12:35:24 UTC 2017 - jengelh@inai.de

- Use openSUSE rpm group classifications.
- Remove removal of .a files that do not exist to begin with
  (because of --disable-static).
- Remove double removal of .la files.
- Do not suppress errors from useradd.

-------------------------------------------------------------------
Wed Oct 18 20:57:17 UTC 2017 - mrueckert@suse.de

- update to 1.4.0.1
  - Ticket 49038 - remove legacy replication - change cleanup
    script precedence
  - Ticket 49392 - memavailable not available
  - Ticket 49235 - pbkdf2 by default
  - Ticket 49279 - remove dsktune
  - Ticket 49372 - filter optimisation improvements for common
    queries
  - Ticket 49320 - Activating already active role returns error 16
  - Ticket 49389 - unable to retrieve specific cosAttribute when
    subtree password policy is configured
  - Ticket 49092 - Add CI test for schema-reload
  - Ticket 49388 - repl-monitor - matches null string many times in
    regex
  - Ticket 49387 - pbkdf2 settings were too aggressive
  - Ticket 49385 - Fix coverity warnings
  - Ticket 49305 - Need to wrap atomic calls
  - Ticket 48973 - Indexing a ExactIA5Match attribute with a
    IgnoreIA5Match matching rule triggers a warning
  - Ticket 49378 - server init fails
  - Ticket 49305 - Need to wrap atomic calls
  - Ticket 49180 - add CI test
  - Ticket 49180 - errors log filled with attrlist_replace -
    attr_replace

-------------------------------------------------------------------
Tue Oct 10 16:06:18 UTC 2017 - mrueckert@suse.de

- drop 389-ds-reproducible.patch: applied upstream

-------------------------------------------------------------------
Fri Sep 29 00:06:42 UTC 2017 - mrueckert@suse.de

- move upgrade and restart code to postun

-------------------------------------------------------------------
Thu Sep 28 15:40:51 UTC 2017 - mrueckert@suse.de

- make sure we stop before uninstall
- build require gdb for directory ownership

-------------------------------------------------------------------
Wed Sep 27 16:11:29 UTC 2017 - mrueckert@suse.de

- sync requires with fedora spec file
  - build with tcmalloc
  - add missing requires for things like bind-utils, db-utils
  - add requires to the devel package
  - split out the snmp agent
  - upgrade all databases on update

-------------------------------------------------------------------
Wed Sep 27 15:10:25 UTC 2017 - mrueckert@suse.de

- update to 1.4.0.0
  - Ticket 49327 - Add CI test for password expiration controls
  - Ticket 48085 - CI tests - replication ruvstore
  - Ticket 49381 - Refactor numerous suite docstrings
  - Ticket 48085 - CI tests - replication cl5
  - Ticket 49379 - Allowed sasl mapping requires restart
  - Ticket 49327 - password expired control not sent during grace
    logins
  - Ticket 49380 - Add CI test
  - Ticket 83 - Fix create_test.py imports
  - Ticket 49381 - Add docstrings to ds_logs, gssapi_repl, betxn
  - Ticket 49380 - Crash when adding invalid replication agreement
  - Ticket 48081 - CI test - password - Ticket 49295 - Fix CI tests
  - Ticket 49295 - Fix CI test for account policy
  - Ticket 49373 - remove unused header file
- changes from 1.3.7.4
  - Ticket 49371 - Cleanup update script
  - Ticket 48831 - Autotune dncache with entry cache.
  - Ticket 49312 - pwdhash -D used default hash algo
  - Ticket 49043 - make replication conflicts transparent to
    clients
  - Ticket 49371 - Fix rpm build
  - Ticket 49371 - Template dse.ldif did not contain all needed
    plugins
  - Ticket 49295 - Fix CI Tests
  - Ticket 49050 - make objectclass ldapsubentry effective
    immediately
- changes from 1.3.7.3
  - Ticket 49354 - fix regression in total init due to mistake in
    range fetch
  - Ticket 49370 - local password policies should use the same
    defaults as the global policy
  - Ticket 48989 - Delete slow lib389 test
  - Ticket 49367 - missing braces in idsktune
  - Ticket 49364 - incorrect function declaration.
  - Ticket 49275 - fix tls auth regression
  - Ticket 49038 - Revise creation of cn=replication,cn=config
  - Ticket 49368 - Fix typo in log message
  - Ticket 48059 - Add docstrings to CLU tests
  - Ticket 47840 - Add docstrings to setup tests
  - Ticket 49348 - support perlless and wrapperless install

-------------------------------------------------------------------
Tue Sep 19 09:39:08 CEST 2017 - kukuk@suse.de

- Remove unnecessary ldconfig calls

-------------------------------------------------------------------
Wed Aug 30 15:49:42 UTC 2017 - mrueckert@suse.de

- update to 1.3.7.2
  - Ticket 49038 - Fix regression from legacy code cleanup
  - Ticket 49295 - Fix CI tests
  - Ticket 48067 - Add bugzilla tests for ds_logs
  - Ticket 49356 - mapping tree crash can occur during tot init
  - Ticket 49275 - fix compiler warns for gcc 7
  - Ticket 49248 - Add a docstring to account locking test case
  - Ticket 49445 - remove dead code
  - Ticket 48081 - Add regression tests for pwpolicy
  - Ticket 48056 - Add docstrings to basic test suite
  - Ticket 49349 - global name ‘imap’ is not defined
  - Ticket 83 - lib389 - Fix tests and create_test.py
  - Ticket 48185 - Remove referint-logchanges attr from referint’s
    config
  - Ticket 48081 - Add regression tests for pwpolicy
  - Ticket 83 - lib389 - Replace topology agmt objects
  - Ticket 49331 - change autoscaling defaults
  - Ticket 49330 - Improve ndn cache performance.
  - Ticket 49347 - reproducable build numbers
  - Ticket 39344 - changelog ldif import fails
  - Ticket 49337 - Add regression tests for import tests
  - Ticket 49309 - syntax checking on referint’s delay attr
  - Ticket 49336 - SECURITY: Locked account provides different
    return code
  - Ticket 49332 - Event queue is not working
  - Ticket 49313 - Change the retrochangelog default cache size
  - Ticket 49329 - Descriptive error msg for USN cleanup task
  - Ticket 49328 - Cleanup source code
  - Ticket 49299 - Add normalized dn cache stats to dbmon.sh
  - Ticket 49290 - improve idl handling in complex searches
  - Ticket 49328 - Update clang-format config file
  - Ticket 49091 - remove usage of changelog semaphore
  - Ticket 49275 - shadow warnings for gcc7 - pass 1
  - Ticket 49316 - fix missing not condition in clock cleanu
  - Ticket 49038 - Remove legacy replication
  - Ticket 49287 - v3 extend csnpl handling to multiple backends
  - Ticket 49310 - remove sds logging in debug builds
  - Ticket 49031 - Improve memberof with a cache of group parents
  - Ticket 49316 - Fix clock unsafety in DS
  - Ticket 48210 - Add IP addr and connid to monitor output
  - Ticket 49295 - Fix CI tests and compiler warnings
  - Ticket 49295 - Fix CI tests
  - Ticket 49305 - Improve atomic behaviours in 389-ds
  - Ticket 49298 - fix missing header
  - Ticket 49314 - Add untracked files to the .gitignore
  - Ticket 49303 - Fix error in CI test
  - Ticket 49302 - fix dirsrv importst due to lib389 change
  - Ticket 49303 - Add option to disable TLS client-initiated
    renegotiation
  - Ticket 49298 - force sync() on shutdown
  - Ticket 49306 - make -f rpm.mk rpms produces build without
    tcmalloc enabled
  - Ticket 49297 - improve search perf in bpt by removing a deref
  - Ticket 49284 - resolve crash in memberof when deleting attrs
  - Ticket 49290 - unindexed range searches don’t provide notes=U
  - Ticket 49301 - Add one logpipe test case
- changes from 1.3.6.8
  - Ticket 49356 - mapping tree crash can occur during tot init
- changes from 1.3.6.7
  - Ticket 49330 - Improve ndn cache performance
  - Ticket 49298 - fix missing header
  - Ticket 49298 - force sync() on shutdown
  - Ticket 49336 - SECURITY: Locked account provides different
    return code
  - Ticket 49334 - fix backup restore if changelog exists
  - Ticket 49313 - Change the retrochangelog default cache size
  - Fix error log format in add.c
  - Ticket 49287 - fix compiler warning for patch 49287
  - Ticket 49287 - v3 extend csnpl handling to multiple backends
  - Ticket 49288 - RootDN Access wrong plugin path in
    template-dse.ldif.in
  - Ticket 49291 - slapi_search_internal_callback_pb may SIGSEV if
    related pblock has not operation set
  - Ticket 49008 - Fix MO plugin betxn test
  - Ticket 49227 - ldapsearch does not return the expected Error
    log level
  - Ticket 49028 - Add autotuning test suite
  - Ticket 49273 - bak2db doesn’t operate with dbversion
  - Ticket 49184 - adjust logging level in MO plugin
  - Ticket 49257 - only register modify callbacks
  - Ticket 49257 - Update CI script
  - Ticket 49008 - Adjust CI test for new memberOf behavior
  - Ticket 49273 - crash when DBVERSION is corrupt.
  - Ticket 49268 - master branch fails on big endian systems
  - Ticket 49241 - add symblic link location to db2bak.pl output
  - Ticket 49257 - Reject nsslapd-cachememsize & nsslapd-cachesize
    when nsslapd-cache-autosize is set
  - Ticket 48538 - Failed to delete old semaphore
  - Ticket 49231 - force EXTERNAL always
  - Ticket 49267 - autosize split of 0 results in dbcache of 0

-------------------------------------------------------------------
Wed Aug 30 12:29:40 UTC 2017 - bwiedemann@suse.com

- Add 389-ds-reproducible.patch not use build date in build num
  to make build reproducible (boo#1047218)

-------------------------------------------------------------------
Tue Aug 15 14:37:47 UTC 2017 - hguo@suse.com

- Introduce acl as mandatory runtime dependency.

-------------------------------------------------------------------
Tue Aug  8 14:37:00 UTC 2017 - hguo@suse.com

- Rename patch 389-ds-base-1.3.2.11_init_fhs.patch -> 0001-init_fhs.patch
- Fix faulty python module import with patch
  0002-use-python2-for-selinux-detection.patch
- Conduct a major clean-up of spec file to remove all outdated macros
- Introduce extra schema files from OpenLDAP distribution with
  extra-schema.tgz and LICENSE.openldap

-------------------------------------------------------------------
Sat May 27 08:46:54 UTC 2017 - mrueckert@suse.de

- update to 1.3.6.6
  - Ticket 49157 - fix error in ds-logpipe.py
  - Ticket 48864 - remove config.h from spal header.
  - Ticket 48681 - logconv.pl - Fix SASL Bind stats and rework
    report format
  - Ticket 49261 - Fix script usage and man pages
  - Ticket 49238 - AddressSanitizer: heap-use-after-free in
    libreplication
  - Ticket 48864 - Fix FreeIPA build
  - Ticket 49257 - Reject dbcachesize updates while auto cache
    sizing is enabled
  - Ticket 49249 - cos_cache is erroneously logging schema checking
    failure
  - Ticket 49258 - Allow nsslapd-cache-autosize to be modified
    while the server is running
  - Ticket 49247 - resolve build issues on debian
  - Ticket 49246 - ns-slapd crashes in role cache creation
  - Ticket 49157 - ds-logpipe.py crashes for non-existing users
  - Ticket 49241 - Update man page and usage for db2bak.pl
  - Ticket 49075 - Adjust logging severity levels
  - Ticket 47662 - db2index not properly evaluating arguments
  - Ticket 48989 - fix perf counters
- changes from 1.3.6.5
  - Ticket 49231 - fix sasl mech handling
  - Ticket 49233 - Fix crash in persistent search
  - Ticket 49230 - slapi_register_plugin creates config entry where
    it should not
  - Ticket 49135 - PBKDF2 should determine rounds at startup
  - Ticket 49236 - Fix CI Tests
  - Ticket 48310 - entry distribution should be case insensitive
  - Ticket 49224 - without –prefix, $prefixdir would be NONE in
    defaults.
- drop 9563d299.patch: included upstream

-------------------------------------------------------------------
Fri May 19 10:32:03 UTC 2017 - mrueckert@suse.de

- added 9563d299.patch to fix building slapi-nis and freeipa

-------------------------------------------------------------------
Thu May 11 11:01:05 UTC 2017 - jengelh@inai.de

- Do not suppress errors from user/group creation.
  Add some safety quoting here and there.

-------------------------------------------------------------------
Thu Apr 27 21:02:04 UTC 2017 - mrueckert@suse.de

- update to 1.3.6.4
  - Ticket 49228 - Fix SSE4.2 detection.
  - Ticket 49229 - Correct issues in latest commits
  - Ticket 49226 - Memory leak in ldap-agent-bin
  - Ticket 49214 - Implement htree concept
  - Ticket 49119 - Cleanup configure.ac options and defines
  - Ticket 49097 - whitespace fixes for pblock change
  - Ticket 49097 - Pblock get/set cleanup
  - Ticket 49222 - Resolve various test issues on rawhide
  - Issue 48978 - Fix the emergency logging functions severity
    levels
  - Issue 49227 - ldapsearch for nsslapd-errorlog-level returns
    incorrect values
  - Ticket 49041 - nss won’t start if sql db type set
  - Ticket 49223 - Fix sds queue locking
  - Issue 49204 - Fix 32bit arch build failures
  - Issue 49204 - Need to update function declaration
  - Ticket 49204 - Fix lower bounds on import autosize + On small
    VM, autotune breaks the access of the suffixes
  - Issue 49221 - During an upgrade the provided localhost name is
    ignored
  - Issue 49220 - Remote crash via crafted LDAP messages (SECURITY
    FIX)
  - Ticket 49184 - Overflow in memberof
  - Ticket 48050 - Add account policy tests to plugins test suite
  - Ticket 49207 - Supply docker POC build for DS.
  - Issue 47662 - CLI args get removed
  - Issue 49210 - Fix regression when checking is password min age
    should be checked
  - Ticket 48864 - Add cgroup memory limit detection to 389-ds
  - Issue 48085 - Expand the repl acceptance test suite
  - Ticket 49209 - Hang due to omitted replica lock release
  - Ticket 48864 - Cleanup memory detection before we add cgroup
    support
  - Ticket 48864 - Cleanup up broken format macros and imports
  - Ticket 49153 - Remove vacuum lock on transaction cleanup
  - Ticket 49200 - provide minimal dse.ldif for python installer
  - Issue 49205 - Fix logconv.pl man page
  - Issue 49177 - Fix pkg-config file
  - Issue 49035 - dbmon.sh shows pages-in-use that exceeds the
    cache size
  - Ticket 48432 - Linux capabilities on ns-slapd
  - Ticket 49196 - Autotune generates crit messages
  - Ticket 49194 - Lower default ioblock timeout
  - Ticket 49193 - gcc7 warning fixes
  - Issue 49039 - password min age should be ignored if password
    needs to be reset
  - Ticket 48989 - Re-implement lock counter
  - Issue 49192 - Deleting suffix can hang server
  - Issue 49156 - Modify token :assert: to :expectedresults:
  - Ticket 48989 - missing return in counter
  - Ticket 48989 - Improve counter overflow fix
  - Ticket 49190 - Upgrade lfds to 7.1.1
  - Ticket 49187 - Fix attribute definition
  - Ticket 49185 - Fix memleak in compute init

-------------------------------------------------------------------
Fri Mar 24 13:42:40 UTC 2017 - mrueckert@suse.de

- update to 1.3.6.3
  This release contains security and bug fixes and a few
  enhancements.
  - Issue 49177 - rpm would not create valid pkgconfig files(pt2)
  - Issue 49186 - Fix NS to improve shutdown relability
  - Issue 49174 - nunc-stans can not use negative timeout
  - Issue 49076 - To debug DB_DEADLOCK condition, allow to reset
    DB_TXN_NOWAIT flag on txn_begin
  - Issue 49188 - retrocl can crash server at shutdown
  - Issue 47840 - Add setup_ds test suite
  - Fix srvcore version dependancy
  - Issue 48989 - Overflow in counters and monitor
  - Issue 49095 - targetattr wildcard evaluation is incorrectly
    case sensitive
  - Issue 49177 - rpm would not create valid pkgconfig files
  - Issue 49176 - Remove tcmalloc restriction from s390x
  - Issue 49157 - ds-logpipe.py crashes for non-existing users
  - Issue 49065 - dbmon.sh fails if you have
    nsslapd-require-secure-binds enabled
  - Issue 49095 - Fix double-free in _cl5NewDBFile() error path
  - Issue 49169 - Fix covscan errors(regression)
  - Issue 49172 - Fix test schema files
  - Issue 49171 - Nunc Stans incorrectly reports a timeout
  - Issue 49169 - Fix covscan errors
  - Issue 49164 - Change NS to acq-rel semantics for atomics
  - Issue 49154 - Nunc Stans stress should assert it has 95%
    success rate
  - Issue 49165 - pw_verify did not handle external auth
  - Issue 49062 - Reset agmt update staus and total init
  - Issue 49151 - Remove defunct selinux policy
- add BR for autoconf, autotool, libtool as upstream doesn't ship
  a prebuilt configure anymore
- import BR from nunc-stans as it is intree now:
  libtevent-devel libtalloc-devel libevent-devel
- added BR for doxygen to build doxygen
- enable auto-dn-suffix feature

-------------------------------------------------------------------
Mon Feb 20 12:49:23 UTC 2017 - mrueckert@suse.de

- fix build on factory: libsystemd-* libs got merged into libsystemd.

-------------------------------------------------------------------
Wed Dec 21 15:48:51 UTC 2016 - mrueckert@suse.de

- update to 1.3.5.15
  - bz1358565 - Clear and unsalted password types are vulnerable to
    timing attack (SECURITY FIX)
  - Ticket 49016 - (un)register/migration/remove may fail if there
    is no suffix on ‘userRoot’ backend
  - Ticket 48328 - Add missing dependency
  - Ticket 49009 - args debug logging must be more restrictive
  - Ticket 49014 - ns-accountstatus.pl shows wrong status for
    accounts inactivated by Account policy plugin
  - Ticket 47703 - remove search limit for aci group evaluation
  - Ticket 48909 - Replication stops working in FIPS mode
- changes in 1.3.5.14
  - Ticket 48992 - Total init may fail if the pushed schema is
    rejected
  - Ticket 48832 - Fix CI test suite for password min age
  - Ticket 48983 - Configure and Makefile.in from new default paths
    work.
  - Ticket 48983 - Configure and Makefile.in from new default paths
    work.
  - Ticket 48983 - generate install path info from autotools
    scripts
  - Ticket 48944 - on a read only replica invalid state info can
    accumulate
  - Ticket 48766 - use a consumer maxcsn only as anchor if supplier
    is more advanced
  - Ticket 48921 - CI Replication stress tests have limits set too
    low
  - Ticket 48969 - nsslapd-auditfaillog always has an explicit path
  - Ticket 48957 - Update repl-monitor to handle new status
    messages
  - Ticket 48832 - Fix CI tests
  - Ticket 48975 - Disabling CLEAR password storage scheme will
    crash server when setting a password
  - Ticket 48369 - Add CI test suite
  - Ticket 48970 - Serverside sorting crashes the server
  - Ticket 48972 - remove old pwp code that adds/removes ACIs
  - Ticket 48957 - set proper update status to replication
    agreement in case of failure
  - Ticket 48950 - Add systemd warning to the LD_PRELOAD example in
    /etc/sysconfig/dirsrv
  - provide backend dir in suffix template
  - Ticket 48953 - Skip labelling and unlabelling ports during the
    test
  - Ticket 48967 - Add CI test and refactor test suite
  - Ticket 48967 - passwordMinAge attribute doesn’t limit the
    minimum age of the password
  - Fix jenkins warnings about unused vars
  - Ticket 48402 - v3 allow plugins to detect a restore or import
  - Ticket #48969 - nsslapd-auditfaillog always has an explicit
    path
  - Ticket 48964 - cleanAllRUV changelog purging incorrectly
    processes all backends
  - Ticket 48965 - Fix building rpms using rpm.mk
  - Ticket 48965 - Fix generation of the pre-release version
  - Bugzilla 1368956 - man page of ns-accountstatus.pl shows
    redundant entries for -p port option
  - Ticket 48960 - Crash in import_wait_for_space_in_fifo().
  - Ticket 48832 - Fix more CI test failures
  - Ticket 48958 - Audit fail log doesn’t work if audit log
    disabled.
  - Ticket 48956 - ns-accountstatus.pl showing “activated” user
    even if it is inactivated
  - Ticket 48954 - replication fails because anchorcsn cannot be
    found
  - Ticket 48832 - Fix CI tests failures from jenkins server
  - Ticket 48950 - Change example in /etc/sysconfig/dirsrv to use
    tcmalloc

-------------------------------------------------------------------
Sat Nov 19 21:02:06 UTC 2016 - aj@ajaissle.de

- New upstream release 1.3.4.14

-------------------------------------------------------------------
Mon Sep  5 13:13:06 UTC 2016 - mrueckert@suse.de

- update to 1.3.5.13
  - CVE-2016-4992 389-ds-base: Information disclosure via repeated
    use of LDAP ADD operation, etc.
  - Ticket 47538 - Fix repl-monitor color and lag times
  - Ticket 47538 - repl-monitor.pl legend not properly sorted
  - Ticket 47538 - repl-monitor.pl not displaying correct color
    code for lag time
  - Ticket 47664 - Move CI test to the pr suite and refactor
  - Ticket 47824 - Remove CI test from tickets and add logging
  - Ticket 47911 - split out snmp agent into a subpackage
  - Ticket 47976 - Add fixed CI test case
  - Ticket 47982 - Fix log hr timestamps when invalid value is set
    in cn=config
  - Ticket 48109 - substring index with nssubstrbegin: 1 is not
    being used with filters like (attr=x*)
  - Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the
    status of the directory server instance.
  - Ticket 48191 - Move CI test to the pr suite and refactor
  - Ticket 48234 - “matching rules” in ACI’s “bind rules not fully
    evaluated
  - Ticket 48234 - CI test: test case for ticket 48234
  - Ticket 48275 - search returns no entry when OR filter component
    contains non readable attribute
  - Ticket 48326 - Move CI test to config test suite and refactor
  - Ticket 48336 - Missing semanage dependency
  - Ticket 48336 - setup-ds should detect if port is already
    defined
  - Ticket 48346 - ldaputil code cleanup
  - Ticket 48346 - log too verbose when re-acquiring expired ticket
  - Ticket 48354 - Review of default ACI in the directory server
  - Ticket 48363 - CI test - add test suite
  - Ticket 48366 - proxyauth does not work bound as directory
    manager
  - Ticket 48404 - libslapd owned by libs and devel
  - Ticket 48449 - Import readNSState from richm’s repo
  - Ticket 48449 - Import readNSState.py from RichM’s repo
  - Ticket 48450 - Add prestart work around for systemd ask
    password
  - Ticket 48450 - Autotools components for
    ds_systemd_ask_password_acl
  - Ticket 48617 - Coverity fixes
  - Ticket 48636 - Fix config validation check
  - Ticket 48636 - Improve replication convergence
  - Ticket 48637 - DN cache is not always updated when ADD
    operation fails
  - Ticket 48743 - If a cipher is disabled do not attempt to look
    it up
  - Ticket 48745 - Matching Rule caseExactIA5Match indexes
    incorrectly values with upper cases
  - Ticket 48745 - Matching Rule caseExactIA5Match indexes
    incorrectly values with upper cases
  - Ticket 48747 - dirsrv service fails to start when
    nsslapd-listenhost is configured
  - Ticket 48752 - Page result search should return empty cookie if
    there is no returned entry
  - Ticket 48752 - Add CI test
  - Ticket 48754 - ldclt should support -H
  - Ticket 48755 - moving an entry could make the online init fail
  - Ticket 48755 - CI test: test case for ticket 48755
  - Ticket 48766 - Replication changelog can incorrectly skip over
    updates
  - Ticket 48767 - flow control in replication also blocks
    receiving results
  - Ticket 48795 - Make various improvements to create_test.py
  - Ticket 48799 - Test cases for objectClass values being dropped.
  - Ticket 48815 - ns-accountstatus.pl - fix DN normalization
  - Ticket 48832 - Fix timing and localhost issues
  - Ticket 48832 - CI tests
  - Ticket 48833 - 389 showing inconsistent values for shadowMax
    and shadowWarning in 1.3.5.1
  - Ticket 48834 - Fix jenkins: discared qualifier on auditlog.c
  - Ticket 48834 - Modifier’s name is not recorded in the audit log
    with modrdn and moddn operations
  - Ticket 48844 - Regression introduced in matching rules by DS
    48746
  - Ticket 48846 - 32 bit systems set low vmsize
  - Ticket 48846 - Older kernels do not expose memavailable
  - Ticket 48846 - Rlimit checks should detect RLIM_INFINITY
  - Ticket 48848 - modrdn deleteoldrdn can fail to find old
    attribute value, perhaps due to case folding
  - Ticket 48849 - Systemd introduced incompatible changes that
    breaks ds build
  - Ticket 48850 - Correct memory leaks in pwdhash-bin and ns-slapd
  - Ticket 48854 - Running db2index with no options breaks
    replication
  - Ticket 48855 - Add basic pwdPolicy tests
  - Ticket 48858 - Segfault changing nsslapd-rootpw
  - Ticket 48862 - At startup DES to AES password conversion causes
    timeout in start script
  - Ticket 48863 - remove check for vmsize from util_info_sys_pages
  - Ticket 48870 - Correct plugin execution order due to changes in
    exop
  - Ticket 48872 - Fix segfault and use after free in plugin
    shutdown
  - Ticket 48873 - Backend should accept the reduced cache
    allocation when issane == 1
  - Ticket 48877 - Fixes for RPM spec with spectool
  - Ticket 48880 - adding pre/post extop ability
  - Ticket 48882 - server can hang in connection list processing
  - Ticket 48889 - ldclt - fix man page and usage info
  - Ticket 48891 - ns-slapd crashes during the shutdown after
    adding attribute with a matching rule
  - Ticket 48892 - Wrong result code display in audit-failure log
  - Ticket 48893 - cn=config should not have readable components to
    anonymous
  - Ticket 48895 - tests package should be noarch
  - Ticket 48898 - Crash during shutdown if nunc-stans is enabled
  - Ticket 48899 - Values of dbcachetries/dbcachehits in cn=monitor
    could overflow.
  - Ticket 48900 - Add connection perf stats to logconv.pl
  - Ticket 48902 - Strdup pwdstoragescheme name to prevent
    misbehaving plugins
  - Ticket 48904 - syncrepl search returning error 329; plugin
    sending a bad error code
  - Ticket 48905 - coverity defects
  - Ticket 48912 - ntUserNtPassword schema
  - Ticket 48914 - db2bak.pl task enters infinitive loop when bak
    fs is almost full
  - Ticket 48916 - DNA Threshold set to 0 causes SIGFPE
  - Ticket 48918 - Upgrade to 389-ds-base >= 1.3.5.5 doesn’t
    install 389-ds-base-snmp
  - Ticket 48919 - Compiler warnings while building 389-ds-base on
    RHEL7
  - Ticket 48920 - Memory leak in pwdhash-bin
  - Ticket 48921 - Adding replication and reliability tests
  - Ticket 48922 - Fix crash when deleting backend while import is
    running
  - Ticket 48924 - Fixup tombstone task needs to set proper flag
    when updating tombstones
  - Ticket 48925 - slapd crash with SIGILL: Dsktune should detect
    lack of CMPXCHG16B
  - Ticket 48928 - log of page result cookie should log empty
    cookie with a different value than 0
  - Ticket 48930 - Paged result search can hang the server
  - Ticket 48934 - remove-ds.pl deletes an instance even if wrong
    prefix was specified
  - Ticket 48935 - Update dirsrv.systemd file
  - Ticket 48936 - Duplicate collation entries
  - Ticket 48939 - nsslapd-workingdir is empty when ns-slapd is
    started by systemd
  - Ticket 48940 - DS logs have warning:ancestorid not indexed
  - Ticket 48943 - When fine-grained policy is applied, a sub-tree
    has a priority over a user while changing password
  - Ticket 48943 - Add CI Test for the password test suite

-------------------------------------------------------------------
Wed Jun 29 13:11:38 UTC 2016 - mrueckert@suse.de

- update to 1.3.5.4
  - Ticket 48836 - replication session fails because of permission
    denied
  - Ticket 48837 - Replication: total init aborted
  - Ticket 48617 - Server ram checks work in isolation
  - Ticket 48220 - The “repl-monitor” web page does not display
    “year” in date.
  - Ticket 48829 - Add gssapi sasl replication bind test
  - Ticket 48497 - uncomment pytest from CI test
  - Ticket 48828 - db2ldif is not taking into account multiple
    suffixes or backends
  - Ticket 48818 - Fix case where return code is always -1
  - Ticket 48826 - 52updateAESplugin.pl may fail on older versions
    of perl
  - Ticket 48825 - Configure make generate invalid makefile
- changes from 1.3.5.3
  - Ticket 47536 - Allow usage of OpenLDAP libraries that don’t use
    NSS for crypto
  - Ticket 47536 - CI test: added test cases for ticket 47536
  - Ticket 47840 - default instance scripts if undefined.
  - Ticket 47888 - Add CI test
  - Ticket 47888 - DES to AES password conversion fails if a
    backend is empty
  - Ticket 47951 - Fix startpid from altering dev/null
  - Ticket 47968 - Disable journald logs by default
  - Ticket 47982 - HR Log timers, regression fix for subsystem
    logging
  - Ticket 48078 - CI test - paged_results - TET part
  - Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the
    status of the directory server instance.
  - Ticket 48269 - ns-accountstatus status message improvement
  - Ticket 48342 - DNA: deadlock during DNA_EXTEND_EXOP_REQUEST_OID
  - Ticket 48342 - DNA Deadlock test cases
  - Ticket 48342 - Prevent transaction abort if a transaction has
    not begun
  - Ticket 48350 - Integrate ASAN into our rpm build process
  - Ticket 48374 - entry cache locks not released in error
    conditions
  - Ticket 48410 - 389-ds-base - Unable to remove / unregister a DS
    instance from admin server
  - Ticket 48447 - with-initddir should accept no
  - Ticket 48450 - Systemd password agent support
  - Ticket 48492 - heap corruption at schema replication.
  - Ticket 48597 - Deadlock when rebuilding the group of authorized
    replication managers
  - Ticket 48662 - db2index with no attribute args fail.
  - Ticket 48710 - auto-dn-suffix unrecognized option
  - Ticket 48769 - Fix white space in extendedop.c
  - Ticket 48769 - RFE: Be_txn extended operation plugin type
  - Ticket 48770 - Improve extended op plugin handling
  - Ticket 48775 - If nsSSL3 is on, even if SSL v3 is not really
    enabled, a confusing message is logged.
  - Ticket 48779 - Remove startpidfile check in start-dirsrv
  - Ticket 48781 - Vague error message: setup_ol_tls_conn - failed:
    unable to create new TLS context
  - Ticket 48782 - Make sure that when LDAP_OPT_X_TLS_NEWCTX is
    set, the value is set to zero.
  - Ticket 48783 - Fix ns-accountstatus.pl syntax error
  - Ticket 48784 - CI test: added test cases for ticket 48784
  - Ticket 48784 - Make the SSL version set to the client library
    configurable.
  - Ticket 48798 - Enable DS to offer weaker DH params in NSS
  - Ticket 48799 - objectclass values could be dropped on the
    consumer
  - Ticket 48800 - Cleaning up error buffers
  - Ticket 48801 - ASAN errors during tests
  - Ticket 48802 - Compilation warnings from clang
  - Ticket 48808 - Add test case
  - Ticket 48808 - Paged results search returns the blank list of
    entries
  - Ticket 48813 - password history is not updated when an admin
    resets the password
  - Ticket 48815 - ns-accountstatus.sh does handle DN’s with single
    quotes
  - Ticket 48818 - In docker, no one can hear your process hang.
  - Ticket 48822 - (389-ds-base-1.3.5) Fixing coverity issues.
  - Ticket 48824 - Cleanup rpm.mk and 389 specfile
- enable nunc-stans

-------------------------------------------------------------------
Fri Apr 29 00:51:36 UTC 2016 - mrueckert@suse.de

- should also define the username

-------------------------------------------------------------------
Fri Apr 29 00:27:43 UTC 2016 - mrueckert@suse.de

- fix building systemd stuff
- create user and home directory for it

-------------------------------------------------------------------
Thu Apr 14 01:52:13 UTC 2016 - mrueckert@suse.de

- limit gcc_security to TW. it enables compiler options not
  supported on leap e.g.

-------------------------------------------------------------------
Thu Apr 14 01:41:49 UTC 2016 - mrueckert@suse.de

- enable more gcc security features
- enable selinux
- fix the systemd options to actually pass some variable and also
  set the tmpfiles path

-------------------------------------------------------------------
Thu Apr 14 01:23:51 UTC 2016 - mrueckert@suse.de

- update to 1.3.5.1
  - Ticket 47982 - improve timestamp resolution in logs
  - Ticket 48759 - no plugin calls in tombstone purging
  - Ticket 48665 - Prevent sefault in
    ldbm_instance_modify_config_entry
  - Ticket 48757 - License tag does not match actual license of
    code
  - Ticket 48746 - Crash when indexing an attribute with a matching
    rule
  - Ticket 48497 - extended search without MR indexed attribute
    prevents later indexing with that MR
  - Ticket 48368 - Resolve the py.test conflicts with the
    create_test.py issue
  - Ticket 48748 - Fix memory_leaks test suite teardown failure
  - Ticket 48383 - import tasks with dynamic buffer sizes
  - Ticket 48420 - change severity of some messages related to
    "keep alive" entries
  - Ticket 48386 - Clean up dsktune code
  - Ticket 48537 - undefined reference to `abstraction_increment'
  - Ticket 48747 - dirsrv service fails to start when
    nsslapd-listenhost is configured
- changes from 1.3.5.0
  - Ticket 132   - Makefile.am must include header files and
    template scripts
  - Ticket 142   - [RFE] Default password syntax settings don't
    work with fine-grained policies
  - Ticket 548   - RFE: Allow AD password sync to update
    shadowLastChange
  - Ticket 47788 - Only check postop result if its a replication
    operation
  - Ticket 47840 - add configure option to disable instance
    specific scripts
  - Ticket 47968 - [RFE] Send logs to journald
  - Ticket 47977 - [RFE] Implement sd_notify mechanism
  - Ticket 48016 - search, matching rules and filter error
    "unsupported type 0xA9"
  - Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the
    status of the directory server instance.
  - Ticket 48145 - RFE Add log file for rejected changes
  - Ticket 48147 - Unable to enable DS service for auto start
  - Ticket 48151 - Improve CleanAllRUV task logging
  - Ticket 48218 - cleanAllRUV - modify the existing "force" option
    to bypass the "replica online" checks
  - Ticket 48244 - No validation check for the value for
    nsslapd-db-locks.
  - Ticket 48257 - Fix coverity issues - 08/24/2015
  - Ticket 48263 - allow plugins to detect tombstone operations
  - Ticket 48269 - RFE: need an easy way to detect locked accounts
    locked by inactivity.
  - Ticket 48270 - fail to index an attribute with a specific
    matching rule/48269
  - Ticket 48280 - enable logging of internal ops in the audit log
  - Ticket 48285 - The dirsrv user/group should be created in rpm
    %pre, and ideally with fixed uid/gid
  - Ticket 48289 - 389-ds-base: ldclt-bin killed by SIGSEGV
  - Ticket 48290 - No man page entry for - option '-u' of dbgen.pl
    for adding group entries with uniquemembers
  - Ticket 48294 - Linked Attributes plug-in - won't update links
    after MODRDN operation
  - Ticket 48295 - Entry cache is not rolled back -- Linked
    Attributes plug-in - wrong behaviour when adding valid and
    broken links
  - Ticket 48311 - nunc-stans: Attempt to release connection that
    is not acquired
  - Ticket 48317 - SELinux port labeling retry attempts are
    excessive
  - Ticket 48326 - [RFE] it could be nice to have
    nsslapd-maxbersize default to bigger than 2Mb
  - Ticket 48350 - configure.ac add options for debbuging and
    security analysis / hardening.
  - Ticket 48351 - Fix buffer overflow error when reading url with
    len 0
  - Ticket 48363 - Support for rfc3673 '+' to return operational
    attributes
  - Ticket 48369 - [RFE] response control for password age should
    be sent by default by RHDS
  - Ticket 48384 - Server startup should warn about values
    consuming too much ram
  - Ticket 48387 - ASAN invalid read in cos_cache.c
  - Ticket 48394 - lower password history minimum to 1
  - Ticket 48395 - ASAN - Use after free in uiduniq 7bit.c
  - Ticket 48398 - Coverity defect 13352 - Resource leak in
    auditlog.c
  - Ticket 48400 - ldclt - segmentation fault error while binding
  - Ticket 48445 - keep alive entries can break replication
  - Ticket 48446 - logconv.pl displays negative operation speeds
  - Ticket 48566 - acl.c attrFilterArray maybe uninitialised.
  - Ticket 48662 - db2index with no attribute args fail.

-------------------------------------------------------------------
Tue Mar  1 16:39:06 UTC 2016 - claes.backstrom@opensuse.org

- Update to new upstream release 1.3.4.8
  * Various bugs are fixed 

-------------------------------------------------------------------
Fri Nov 20 10:49:42 UTC 2015 - aj@ajaissle.de

- Update to new upstream release 1.3.4.5
  * Various bugs are fixed

-------------------------------------------------------------------
Mon Sep 14 08:50:01 UTC 2015 - hguo@suse.com

- Upgrade from 1.3.3.13 to 1.3.4.4 with accumulated bugfixes.

-------------------------------------------------------------------
Wed Sep  9 11:07:09 UTC 2015 - aj@ajaissle.de

- Update to new upstream release 1.3.3.13
- Removed 389-ds-1.3.3.11-CVE-2015-3230.patch (included upstream)

-------------------------------------------------------------------
Wed Jun 17 09:38:48 UTC 2015 - aj@ajaissle.de

- Update to new upstream release 1.3.3.11
- Added 389-ds-1.3.3.11-CVE-2015-3230.patch:
  nsSSL3Ciphers preference not enforced on server side
  [boo#934934] [CVE-2015-3230]

-------------------------------------------------------------------
Wed Apr 29 10:17:58 UTC 2015 - aj@ajaissle.de

- Update to new upstream release 1.3.3.10
  * One important security bug was fixed:
    Bug 1216203 - CVE-2015-1854 389ds-base: access control bypass with modrdn

-------------------------------------------------------------------
Wed Apr 15 09:05:08 UTC 2015 - jengelh@inai.de

- Simplify filelist

-------------------------------------------------------------------
Mon Apr 13 19:30:00 UTC 2015 - aj@ajaissle.de

- Move bin/ and sbin/ to /usr/lib/389-ds/bin resp. sbin/
- Removed conflict with atheme

-------------------------------------------------------------------
Sat Mar 28 10:34:43 UTC 2015 - aj@ajaissle.de

- Update to new upstream release 1.3.3.9
  * Several bugs are fixed including 2 security bugs
    Bug 1199675 - CVE-2014-8112 CVE-2014-8105 389-ds-base: various flaws [fedora-all]
    Ticket 47431 - Duplicate values for the attribute nsslapd-pluginarg are not handled correctly
    Ticket 47451 - dynamic plugins - fix crash caused by invalid plugin config
    Ticket 47728 - compilation failed with ' incomplete struct/union/enum' if not set USE_POSIX_RWLOCKS
    Ticket 47742 - 64bit problem on big endian: auth method not supported
    Ticket 47801 - RHDS keeps on logging write_changelog_and_ruv: failed to update RUV for unknown
    Ticket 47828 - DNA scope: allow to exlude some subtrees
    Ticket 47836 - Do not return '0' as empty fallback value of nsds5replicalastupdatestart and nsds5replicalastupdatestart
    Ticket 47901 - After total init, nsds5replicaLastInitStatus can report an erroneous error status (like 'Referral')
    Ticket 47936 - Create a global lock to serialize write operations over several backends
    Ticket 47957 - Make ReplicaWaitForAsyncResults configurable
    Ticket 48001 - ns-activate.pl fails to activate account if it was disabled on AD
    Ticket 48003 - add template scripts
    Ticket 48003 - build "suite" framework
    Ticket 48005 - ns-slapd crash in shutdown phase
    Ticket 48021 - nsDS5ReplicaBindDNGroup checkinterval not working properly
    Ticket 48027 - revise the rootdn plugin configuration validation
    Ticket 48030 - spec file should run "systemctl stop" against each running instance instead of dirsrv.target
    Ticket 48048 - Fix coverity issues - 2015/2/24
    Ticket 48048 - Fix coverity issues - 2015/3/1
    Ticket 48109 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*)

-------------------------------------------------------------------
Wed Dec 24 21:05:17 UTC 2014 - aj@ajaissle.de

- Conflicts with atheme -- /usr/sbin/dbverify

-------------------------------------------------------------------
Tue Dec  9 15:41:21 UTC 2014 - aj@ajaissle.de

- Update to new upstream release 1.3.3.5
* Several bugs are fixed.

-------------------------------------------------------------------
Tue Sep  9 09:50:20 UTC 2014 - aj@ajaissle.de

- Update to new upstream release 1.3.3.0
* First cut of 389-ds-base-1.3.3.x

-------------------------------------------------------------------
Fri Aug 29 10:38:51 UTC 2014 - aj@ajaissle.de

- Update to new upstream release 1.3.2.23
* Various bugs were fixed

- Highlights since 1.3.2.16:
* Important bugs including memory leaks and crash bugs were fixed
  (1.3.2.17)
* Various bugs were fixed (1.3.2.18)
* Various bugs were fixed (1.3.2.19)
* A security bug was fixed (1.3.2.22)

-------------------------------------------------------------------
Thu Mar 27 12:20:23 UTC 2014 - aj@ajaissle.de

- Update to new upstream release 1.3.2.16
* Directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind 
* Create a normalized dn cache
* Replication retry time attributes cannot be added
* Empty control list causes LDAP protocol error is thrown (dup 47361)
* Failed to compile the DS 389 1.3.2.3 version against Berkeley DB 4.2 version
* Windows Sync group issues
* Size returned by slapi_entry_size is not accurate
* Single valued attribute replicated ADD does not work
* Environment variables are not passed when DS is started via service
* Propagate plugin precedence to all registered function types
* Unresolved external symbol references break loading of the ACL plugin
* Package issue in 389-ds-base

- Fix unresolveable 'Requires:'
* perl(Mozilla:LDAP) -> perl(Mozilla::LDAP::API), perl(Mozilla::LDAP::Conn),
  perl(Mozilla::LDAP::Entry), perl(Mozilla::LDAP::LDIF), perl(Mozilla::LDAP::Utils)
* cyrus-sasl-md5 -> cyrus-sasl-digestmd5

- Macros for dirsrv-snmp in pre/post/preun/postun

-------------------------------------------------------------------
Mon Feb 17 08:59:04 UTC 2014 - aj@ajaissle.de

- Update to new upstream release 1.3.2.11
* Enhancement: ACL supports new keyword SELFDN as in "<userattr> =
  <attribute>#SELFDN" to allow users to create entries assigned to
  themselves. Also handling subtype in ACL is improved.
* A dozen of bugs are fixed including a crash bug and a deadlock. 

- Spec cleanup
* enable init scripts for openSUSE < 1220 (e.g. SLES)
* dirsrv.target.wants goes into unitdir
* Added a 389-ds-rpmlintrc

- Added 389-ds-base-1.3.2.11_init_fhs.patch
* Make init scripts LSB conform

-------------------------------------------------------------------
Fri Dec 27 02:28:55 UTC 2013 - jengelh@inai.de

- Update to new upstream release 1.3.2.10
* Suffixes used in the memberof and referential integrity plug-ins
  are now configurable.
* The hard-coded limit of 64 masters was removed.
* Enhancements: plug-in library path validation, replication
  logging, changelog trimming interval, and referential integrity.

-------------------------------------------------------------------
Fri Aug  2 10:05:12 UTC 2013 - jengelh@inai.de

- Update to new upstream release 1.3.1.5
* Plug-in transaction support
* Normalized DN cache
* Configurable allowed SASL mechanisms
* SASL mapping improvements
* Configurable SASL buffer
* Replication retry settings
* Instance script improvements
* Access log analyzer improvements
* Performance improvements 

-------------------------------------------------------------------
Mon Mar 11 11:47:45 UTC 2013 - jengelh@inai.de

- Update to new upstream release 1.3.0.3
* No NEWS file available; SCM changelog entries at
  http://port389.org/wiki/Releases/1.3.0.2#New_features_.2F_Fixed_bugs_in_1.3.0

-------------------------------------------------------------------
Wed Sep 26 11:06:01 UTC 2012 - jengelh@inai.de

- Update to new upstream release 1.2.11.15
* This is a bugfix release to CLEANALLRUV, userpassword,
  schema reloading and others.

-------------------------------------------------------------------
Mon Sep 17 09:26:12 UTC 2012 - jengelh@inai.de

- Initial package (version 1.2.11.12) for build.opensuse.org
openSUSE Build Service is sponsored by