File 389-ds.changes of Package 389-ds
-------------------------------------------------------------------
Wed Oct 24 20:52:56 UTC 2018 - aj@ajaissle.de
- Update to 1.3.4.15
Detailed Changelog since 1.3.4.14
* Ticket 48909 - Replication stops working in FIPS mode
* Ticket 48975 - Disabling CLEAR password storage scheme will crash server when setting a password
* Ticket 48970 - Serverside sorting crashes the server
* Ticket 48882 - server can hang in connection list processing
* Ticket 48972 - remove old pwp code that adds/removes ACIs
* Ticket 48964 - cleanAllRUV changelog purging incorrectly processes all backends
* Ticket 48960 - Crash in import_wait_for_space_in_fifo().
* Ticket 48954 - replication fails because anchorcsn cannot be found
- Update to 1.3.4.14
Detailed Changelog since 1.3.4.9
* CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation, etc.
* Ticket 47538 - Fix repl-monitor color and lag times
* Ticket 47538 - repl-monitor.pl legend not properly sorted
* Ticket 47538 - repl-monitor.pl not displaying correct color code for lag time
* Ticket 47819 - RFE - improve tombstone purging performance
* Ticket 47888 - DES to AES password conversion fails if a backend is empty
* Ticket 47888 - Add CI test
* Ticket 48078 - CI test - paged_results - TET part
* Ticket 48109 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*)
* Ticket 48492 - heap corruption at schema replication.
* Ticket 48497 - uncomment pytest from CI test
* Ticket 48636 - Fix config validation check
* Ticket 48636 - Improve replication convergence
* Ticket 48752 - Page result search should return empty cookie if there is no returned entry
* Ticket 48752 - Add CI test
* Ticket 48755 - moving an entry could make the online init fail
* Ticket 48766 - Replication changelog can incorrectly skip over updates
* Ticket 48767 - flow control in replication also blocks receiving results
* Ticket 48795 - Make various improvements to create_test.py
* Ticket 48798 - Enable DS to offer weaker DH params in NSS
* Ticket 48799 - objectclass values could be dropped on the consumer
* Ticket 48799 - Test cases for objectClass values being dropped.
* Ticket 48808 - Add test case
* Ticket 48808 - Paged results search returns the blank list of entries
* Ticket 48813 - password history is not updated when an admin resets the password
* Ticket 48848 - modrdn deleteoldrdn can fail to find old attribute value, perhaps due to case folding
* Ticket 48854 - Running db2index with no options breaks replication
* Ticket 48862 - At startup DES to AES password conversion causes timeout in start script
* Ticket 48889 - ldclt - fix man page and usage info
* Ticket 48898 - Crash during shutdown if nunc-stans is enabled
* Ticket 48900 - Add connection perf stats to logconv.pl
* Ticket 48922 - Fix crash when deleting backend while import is running
* Ticket 48924 - Fixup tombstone task needs to set proper flag when updating tombstones
* Ticket 48930 - Paged result search can hang the server
* Ticket 48935 - Update dirsrv.systemd file
- Update to 1.3.4.9
Detailed Changelog since 1.3.4.8
* Ticket 48759 - no plugin calls in tombstone purging
* Ticket 48757 - License tag does not match actual license of code
* Ticket 48746 - Crash when indexing an attribute with a matching rule
* ticket 48497 - extended search without MR indexed attribute prevents later indexing with that MR
* Ticket 48368 - Resolve the py.test conflicts with the create_test.py issue
* Ticket 48420 - change severity of some messages related to “keep alive” entries
* Ticket 48748 - Fix memory_leaks test suite teardown failure
* Ticket 48270 - fail to index an attribute with a specific matching rule
- Update to 1.3.4.8
Detailed Changelog since 1.3.4.5:
* Ticket 47788 - Supplier can skip a failing update, although it should retry
* Ticket 48289 - 389-ds-base: ldclt-bin killed by SIGSEGV
* Ticket 48305 - perl module conditional test is not conditional when checking SELinux policies
* Ticket 48312 - Crash when doing modrdn on managed entry
* Ticket 48332 - allow users to specify to relax the FQDN constraint
* Ticket 48341 - deadlock on connection mutex
* Ticket 48362 - With exhausted range, part of DNA shared configuration is deleted after server restart
* Ticket 48369 - RFE - Add config setting to always send the password expiring time
* Ticket 48370 - The ‘eq’ index does not get updated properly when deleting and re-adding attributes in the same modify operation
* Ticket 48375 - SimplePagedResults – in the search error case, simple paged results slot was not released.
* Ticket 48388 - db2ldif -r segfaults from time to time
* Ticket 48406 - Avoid self deadlock by PR_Lock(conn->c_mutex)
* Ticket 48412 - worker threads do not detect abnormally closed connections
* Ticket 48445 - keep alive entries can break replication
* Ticket 48448 - dirsrv start-stop fail in certain shell environments.
* Ticket 48492 - heap corruption at schema replication.
* Ticket 48536 - Crash in slapi_get_object_extension
- Dropped upstream-included patches:
* 0001-Ticket-48375-SimplePagedResults-in-the-search-error-.patch
* 0002-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch
* 0003-Ticket-48924-Fixup-tombstone-task-needs-to-set-prope.patch
* 0004-Subject-PATCH-1-2-Bug-1347760-CVE-2016-4992-389-ds-b.patch
* 0005-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
* 0006-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
* 0014-Ticket-48412-worker-threads-do-not-detect-abnormally.patch
-------------------------------------------------------------------
Tue Dec 5 10:30:21 UTC 2017 - hguo@suse.com
- Cherry pick upstream CVE fixes:
* 0001-Ticket-48375-SimplePagedResults-in-the-search-error-.patch
* 0002-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch
* 0003-Ticket-48924-Fixup-tombstone-task-needs-to-set-prope.patch
* 0004-Subject-PATCH-1-2-Bug-1347760-CVE-2016-4992-389-ds-b.patch
* 0005-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
* 0006-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
* 0007-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
* 0008-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
* 0009-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
* 0010-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
* 0011-Ticket-48986-47808-triggers-overflow-in-uiduniq.c.patch
* 0012-Ticket-49336-SECURITY-1.3.5.x-Locked-account-provide.patch
* 0013-Fix-for-cve-2017-2668-Remote-crash-via-crafted-LDAP-.patch
* 0014-Ticket-48412-worker-threads-do-not-detect-abnormally.patch
For bsc#1051997, bsc#1007004, bsc#1020670, bsc#1069074, bsc#1069067,
bsc#997256 that correspond to CVE-2017-7551, CVE-2016-5405,
CVE-2017-2668, CVE-2017-2668, CVE-2016-4992.
-------------------------------------------------------------------
Fri Nov 20 10:49:42 UTC 2015 - aj@ajaissle.de
- Update to new upstream release 1.3.4.5
* Various bugs are fixed
-------------------------------------------------------------------
Mon Sep 14 08:50:01 UTC 2015 - hguo@suse.com
- Upgrade from 1.3.3.13 to 1.3.4.4 with accumulated bugfixes.
-------------------------------------------------------------------
Wed Sep 9 11:07:09 UTC 2015 - aj@ajaissle.de
- Update to new upstream release 1.3.3.13
- Removed 389-ds-1.3.3.11-CVE-2015-3230.patch (included upstream)
-------------------------------------------------------------------
Wed Jun 17 09:38:48 UTC 2015 - aj@ajaissle.de
- Update to new upstream release 1.3.3.11
- Added 389-ds-1.3.3.11-CVE-2015-3230.patch:
nsSSL3Ciphers preference not enforced on server side
[boo#934934] [CVE-2015-3230]
-------------------------------------------------------------------
Wed Apr 29 10:17:58 UTC 2015 - aj@ajaissle.de
- Update to new upstream release 1.3.3.10
* One important security bug was fixed:
Bug 1216203 - CVE-2015-1854 389ds-base: access control bypass with modrdn
-------------------------------------------------------------------
Wed Apr 15 09:05:08 UTC 2015 - jengelh@inai.de
- Simplify filelist
-------------------------------------------------------------------
Mon Apr 13 19:30:00 UTC 2015 - aj@ajaissle.de
- Move bin/ and sbin/ to /usr/lib/389-ds/bin resp. sbin/
- Removed conflict with atheme
-------------------------------------------------------------------
Sat Mar 28 10:34:43 UTC 2015 - aj@ajaissle.de
- Update to new upstream release 1.3.3.9
* Several bugs are fixed including 2 security bugs
Bug 1199675 - CVE-2014-8112 CVE-2014-8105 389-ds-base: various flaws [fedora-all]
Ticket 47431 - Duplicate values for the attribute nsslapd-pluginarg are not handled correctly
Ticket 47451 - dynamic plugins - fix crash caused by invalid plugin config
Ticket 47728 - compilation failed with ' incomplete struct/union/enum' if not set USE_POSIX_RWLOCKS
Ticket 47742 - 64bit problem on big endian: auth method not supported
Ticket 47801 - RHDS keeps on logging write_changelog_and_ruv: failed to update RUV for unknown
Ticket 47828 - DNA scope: allow to exlude some subtrees
Ticket 47836 - Do not return '0' as empty fallback value of nsds5replicalastupdatestart and nsds5replicalastupdatestart
Ticket 47901 - After total init, nsds5replicaLastInitStatus can report an erroneous error status (like 'Referral')
Ticket 47936 - Create a global lock to serialize write operations over several backends
Ticket 47957 - Make ReplicaWaitForAsyncResults configurable
Ticket 48001 - ns-activate.pl fails to activate account if it was disabled on AD
Ticket 48003 - add template scripts
Ticket 48003 - build "suite" framework
Ticket 48005 - ns-slapd crash in shutdown phase
Ticket 48021 - nsDS5ReplicaBindDNGroup checkinterval not working properly
Ticket 48027 - revise the rootdn plugin configuration validation
Ticket 48030 - spec file should run "systemctl stop" against each running instance instead of dirsrv.target
Ticket 48048 - Fix coverity issues - 2015/2/24
Ticket 48048 - Fix coverity issues - 2015/3/1
Ticket 48109 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*)
-------------------------------------------------------------------
Wed Dec 24 21:05:17 UTC 2014 - aj@ajaissle.de
- Conflicts with atheme -- /usr/sbin/dbverify
-------------------------------------------------------------------
Tue Dec 9 15:41:21 UTC 2014 - aj@ajaissle.de
- Update to new upstream release 1.3.3.5
* Several bugs are fixed.
-------------------------------------------------------------------
Tue Sep 9 09:50:20 UTC 2014 - aj@ajaissle.de
- Update to new upstream release 1.3.3.0
* First cut of 389-ds-base-1.3.3.x
-------------------------------------------------------------------
Fri Aug 29 10:38:51 UTC 2014 - aj@ajaissle.de
- Update to new upstream release 1.3.2.23
* Various bugs were fixed
- Highlights since 1.3.2.16:
* Important bugs including memory leaks and crash bugs were fixed
(1.3.2.17)
* Various bugs were fixed (1.3.2.18)
* Various bugs were fixed (1.3.2.19)
* A security bug was fixed (1.3.2.22)
-------------------------------------------------------------------
Thu Mar 27 12:20:23 UTC 2014 - aj@ajaissle.de
- Update to new upstream release 1.3.2.16
* Directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind
* Create a normalized dn cache
* Replication retry time attributes cannot be added
* Empty control list causes LDAP protocol error is thrown (dup 47361)
* Failed to compile the DS 389 1.3.2.3 version against Berkeley DB 4.2 version
* Windows Sync group issues
* Size returned by slapi_entry_size is not accurate
* Single valued attribute replicated ADD does not work
* Environment variables are not passed when DS is started via service
* Propagate plugin precedence to all registered function types
* Unresolved external symbol references break loading of the ACL plugin
* Package issue in 389-ds-base
- Fix unresolveable 'Requires:'
* perl(Mozilla:LDAP) -> perl(Mozilla::LDAP::API), perl(Mozilla::LDAP::Conn),
perl(Mozilla::LDAP::Entry), perl(Mozilla::LDAP::LDIF), perl(Mozilla::LDAP::Utils)
* cyrus-sasl-md5 -> cyrus-sasl-digestmd5
- Macros for dirsrv-snmp in pre/post/preun/postun
-------------------------------------------------------------------
Mon Feb 17 08:59:04 UTC 2014 - aj@ajaissle.de
- Update to new upstream release 1.3.2.11
* Enhancement: ACL supports new keyword SELFDN as in "<userattr> =
<attribute>#SELFDN" to allow users to create entries assigned to
themselves. Also handling subtype in ACL is improved.
* A dozen of bugs are fixed including a crash bug and a deadlock.
- Spec cleanup
* enable init scripts for openSUSE < 1220 (e.g. SLES)
* dirsrv.target.wants goes into unitdir
* Added a 389-ds-rpmlintrc
- Added 389-ds-base-1.3.2.11_init_fhs.patch
* Make init scripts LSB conform
-------------------------------------------------------------------
Fri Dec 27 02:28:55 UTC 2013 - jengelh@inai.de
- Update to new upstream release 1.3.2.10
* Suffixes used in the memberof and referential integrity plug-ins
are now configurable.
* The hard-coded limit of 64 masters was removed.
* Enhancements: plug-in library path validation, replication
logging, changelog trimming interval, and referential integrity.
-------------------------------------------------------------------
Fri Aug 2 10:05:12 UTC 2013 - jengelh@inai.de
- Update to new upstream release 1.3.1.5
* Plug-in transaction support
* Normalized DN cache
* Configurable allowed SASL mechanisms
* SASL mapping improvements
* Configurable SASL buffer
* Replication retry settings
* Instance script improvements
* Access log analyzer improvements
* Performance improvements
-------------------------------------------------------------------
Mon Mar 11 11:47:45 UTC 2013 - jengelh@inai.de
- Update to new upstream release 1.3.0.3
* No NEWS file available; SCM changelog entries at
http://port389.org/wiki/Releases/1.3.0.2#New_features_.2F_Fixed_bugs_in_1.3.0
-------------------------------------------------------------------
Wed Sep 26 11:06:01 UTC 2012 - jengelh@inai.de
- Update to new upstream release 1.2.11.15
* This is a bugfix release to CLEANALLRUV, userpassword,
schema reloading and others.
-------------------------------------------------------------------
Mon Sep 17 09:26:12 UTC 2012 - jengelh@inai.de
- Initial package (version 1.2.11.12) for build.opensuse.org
