<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Timo Aaltonen pushed to branch upstream
at <a href="https://salsa.debian.org/freeipa-team/389-ds-base">FreeIPA packaging / 389-ds-base</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/d641e8528f0106f15120a97b9fdbc91cdadfa810">d641e852</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-01-26T11:18:37-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 5442 - Search results are different between RHDS10 and RHDS11
Bug Description: In 1.4.x we introduced a change that was overly strict about
how a search on a non-existent subtree returned its error code.
It was changed from returning an error 32 to an error 0 with
zero entries returned.
Fix Description: When finding the entry and processing acl's make sure to
gather the aci's that match the resource even if the resource
does not exist. This requires some extra checks when processing
the target attribute.
relates: https://github.com/389ds/389-ds-base/issues/4542
Reviewed by: firstyear, elkris, and tbordaz (Thanks!)
Apply Thierry's changes
round 2
Apply more suggestions from Thierry
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/14f67ebebe70ea7d29e5f5a37c69698600d509f6">14f67ebe</a></strong>
<div>
<span>by tbordaz</span>
<i>at 2021-01-26T18:08:28+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4324 - Performance search rate: change entry cache monitor to recursive pthread mutex (#4569)
Bug description:
The entry cache is protected with recursive mutex. Currently it is
implemented using PR_Monitor (NSPR). When the entry cache mutex
becomes the bottleneck (for example base search searchrate on
the same entry), using pthread recursive mutex gives 8% benefit.
Fix description:
Changing the c_mutex from PR_Monitor to pthread recursive mutex
relates: https://github.com/389ds/389-ds-base/issues/4324
Reviewed by: Mark Reynolds, Simon Pichugin
Platforms tested: F31</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/96edca86a2cbb028b2723df20a37ed8799d65afa">96edca86</a></strong>
<div>
<span>by James Chapman</span>
<i>at 2021-01-27T09:56:38+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4396 - Minor memory leak in backend (#4558) (#4572)
Bug Description: As multiple suffixes per backend were no longer used, this
functionality has been replaced with a single suffix per backend. Legacy
code remains that adds multiple suffixes to the dse internal backend,
resulting in memory allocations that are lost.
Also a minor typo is corrected in backend.c
Fix Description: Calls to be_addsuffix on the DSE backend are removed
as they are never used.
Fixes: https://github.com/389ds/389-ds-base/issues/4396
Reviewed by: mreynolds389, Firstyear, droideck (Thank you)</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/9f9eb91e2859ea9f4885725f888b7b142c861001">9f9eb91e</a></strong>
<div>
<span>by tbordaz</span>
<i>at 2021-01-27T12:40:34+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553)
Bug description:
When an operation complete, it was retrieved in the pending list with
the address of the Operation structure. In case of POST OP nested operations
the same address can be reused. So when completing an operation there could be
a confusion which operation actually completed.
A second problem is that if an update its DB_DEADLOCK, the BETXN_PREOP can
be called several times. During retry, the operation is already in the pending
list.
Fix description:
The fix defines a new operation extension (sync_persist_extension_type).
This operation extension contains an index (idx_pl) of the op_pl in the
the pending list.
And additional safety fix is to dump the pending list in case it becomes large (>10).
The pending list is dumped with SLAPI_LOG_PLUGIN.
When there is a retry (operation extension exists) the call to sync_update_persist_betxn_pre_op
becomes a NOOP: the operation is not added again in the pending list.
relates: https://github.com/389ds/389-ds-base/issues/4526
Reviewed by: William Brown (Thanks !!)
Platforms tested: F31 & F33</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/900e6fdcf152dd696b5ae189cb1d7c67ab143bae">900e6fdc</a></strong>
<div>
<span>by tbordaz</span>
<i>at 2021-01-28T10:46:50+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)
Bug description:
SLAPI_OPERATION_TYPE is a stored/read as an int (slapi_pblock_get/set).
This although the storage field is an unsigned long.
Calling slapi_pblock_get with an long (8 btyes) destination creates
a problem on big-endian (s390x).
Fix description:
Define destination op_type as an int (4 bytes)
relates: https://github.com/389ds/389-ds-base/issues/4563
Reviewed by: Mark Reynolds, William Brown
Platforms tested: F31 (little endian), Debian (big endian)</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/75ef66b409df352b44549a9128dc7b32056aca82">75ef66b4</a></strong>
<div>
<span>by progier389</span>
<i>at 2021-02-01T12:32:24+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4579 - libasan detects heap-use-after-free in URP test (#4584)
(cherry picked from commit 64167696080eb664c5bc4f00ff10412a9ad8cc2c)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/7b681e1da76a2c4a56c28373f387b815a1a3c244">7b681e1d</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-02-02T11:28:36-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bump version to 1.4.4.12
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/71cb9030341029a4aec5354dfa053bcf359f2080">71cb9030</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-02-10T09:33:10-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4609 - CVE - info disclosure when authenticating
Description: If you bind as a user that does not exist. Error 49 is returned
instead of error 32. As error 32 discloses that the entry does
not exist. When you bind as an entry that does not have userpassword
set then error 48 (inappropriate auth) is returned, but this
discloses that the entry does indeed exist. Instead we should
always return error 49, even if the password is not set in the
entry. This way we do not disclose to an attacker if the Bind
DN exists or not.
Relates: https://github.com/389ds/389-ds-base/issues/4609
Reviewed by: tbordaz(Thanks!)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/8d40f27845fd6a8374ab38de99e3094a770f37d6">8d40f278</a></strong>
<div>
<span>by Simon Pichugin</span>
<i>at 2021-02-12T13:15:13+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614)
Description: RHDS instance will fail to start if the TLS server
certificate nickname doesn't match the value of the configuration
parameter "nsSSLPersonalitySSL".
The mismatch typically happens when customers copy the NSS DB from
a previous instance or export the certificate's data but forget to set
the "nsSSLPersonalitySSL" value accordingly.
Log an additional message which should help a user to set up
nsSSLPersonalitySSL correctly.
Fixes: #4593
Reviewed by: @Firstyear (Thanks!)</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/d4c2ab3888d2a42364ec0b0df01303b09499ef8b">d4c2ab38</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-02-12T12:32:05-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4324 - Some architectures the cache line size file does not exist
Bug Description: When optimizing our mutexes we check for a system called
coherency_line_size that contains the size value, but if
the file did not exist the server would crash in PR_Read
(NULL pointer for fd).
Fix Description: Check PR_Open() was successfully before calling PR_Read().
Relates: https://github.com/389ds/389-ds-base/issues/4324
Reviewed by: tbordaz(Thanks!)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/b8c4510b19e1e4bb82c5b895e268f02b77582ce7">b8c4510b</a></strong>
<div>
<span>by Firstyear</span>
<i>at 2021-02-12T14:22:54-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4591 - RFE - improve openldap_to_ds help and features (#4607)
Bug Description: Improve the --help page, and finish wiring in some
features.
Fix Description: Wire in exclusion of attributes/schema for migration.
fixes: https://github.com/389ds/389-ds-base/issues/4591
Author: William Brown <william@blackhats.net.au>
Review by: @mreynolds389, @droideck</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/ffa4563dd3fa5301a89c29e4d8abe6e132b93ed8">ffa4563d</a></strong>
<div>
<span>by Jack</span>
<i>at 2021-02-12T14:28:15-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update dscontainer (#4564)
Issue 4564 - RFE - Add suffix to dscontainer rc file
Bug Description: The suffix was not added before, adding a hurdle to
automatic admin of the container instance
Fix Description: If the suffix is set, add it to the created rc file.
fixes: https://github.com/389ds/389-ds-base/pull/4564
Author: @Jackbennett
Review by: @Firstyear </pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/6841d693fcec1636cc3ba7a9be58b4e1b276400a">6841d693</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-02-12T14:32:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bump version to 1.4.4.13
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/6fcdfad7895fa2385b0e198f3e8c2de7ba927887">6fcdfad7</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-02-12T15:13:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4615 - log message when psearch first exceeds max threads per conn
Desciption: When a connection hits max threads per conn for the first time
log a message in the error. This will help customers diagnosis
misbehaving clients.
Fixes: https://github.com/389ds/389-ds-base/issues/4615
Reviewed by: progier389(Thanks!)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/482598319f8f3820e7a8eebb13b8ffdf087a47d9">48259831</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-02-12T15:16:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4619 - remove pytest requirement from lib389
Description: Remove the requirement for pytest from lib389, it causes
unneeded package requirements on Fedora/RHEL.
Fixes: https://github.com/389ds/389-ds-base/issues/4619
Reviewed by: mreynolds(one line commit rule)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/4e3b2d316af67b02adb7fa4be6dd9bb2687e6d17">4e3b2d31</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-02-17T20:15:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4513 - CI - make acl ip address tests more robust
Description: The tests aumme the system is using IPv6 loopback address, but it
should still check for IPv4 loopback.
Relates: https://github.com/389ds/389-ds-base/issues/4513
Reviewed by: ?
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/58725517a7b68daa518a3f67051980f34771b982">58725517</a></strong>
<div>
<span>by tbordaz</span>
<i>at 2021-02-23T10:24:04+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652)
Bug description:
When an operation is flagged OP_FLAG_NOOP, it skips BETXN plugins but calls POST plugins.
For sync_repl, betxn (sync_update_persist_betxn_pre_op) creates an operation extension to be
consumed by the post (sync_update_persist_op). In case of OP_FLAG_NOOP, there is no
operation extension.
Fix description:
Test that the operation is OP_FLAG_NOOP if the operation extension is missing
relates: https://github.com/389ds/389-ds-base/issues/4649
Reviewed by: William Brown (thanks)
Platforms tested: F31</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/3687e1cae6d6931b1c250fd8186b0da202870ec5">3687e1ca</a></strong>
<div>
<span>by tbordaz</span>
<i>at 2021-02-23T13:43:44+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647)
Bug description:
The replication agreements are using bulk load to load updates.
For bulk load it uses a cursor with DB_MULTIPLE_KEY and DB_NEXT.
Before using the cursor, it must be initialized with DB_SET.
If during the cursor/DB_SET the CSN refers to an update that is larger than
the size of the provided buffer, then the cursor remains not initialized and
c_get returns DB_BUFFER_SMALL.
The consequence is that the next c_get(DB_MULTIPLE_KEY and DB_NEXT) will return the
first record in the changelog DB. This break CLcache.
Fix description:
The fix is to harden cursor initialization so that if DB_SET fails
because of DB_BUFFER_SMALL. It reallocates buf_data and retries a DB_SET.
If DB_SET can not be initialized it logs a warning.
The patch also changes the behaviour of the fix #4492.
#4492 detected a massive (1day) jump prior the starting csn and ended the
replication session. If the jump was systematic, for example
if the CLcache got broken because of a too large updates, then
replication was systematically stopped.
This patch suppress the systematically stop, letting RA doing a big jump.
From #4492 only remains the warning.
relates: https://github.com/389ds/389-ds-base/issues/4644
Reviewed by: Pierre Rogier (Thanks !!!!)
Platforms tested: F31</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/e86389b4c28cc3e81f96e21bbc97ade902907f2d">e86389b4</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-02-23T11:53:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4646 - CLI/UI - revise DNA plugin management
Bug Description:
There was a false assumption that you have to create the shared DNA
server configuration entry, but in fact the server creates and manages
this entry. The only thing you should edit in this entry are the
remote Bind Method and Connection Protocol.
Fix Description:
Remove the options to create the shared config entry, and edit the
core/reserved attributes.
Also fixed some issues where we were not showing CLI plugin output in
proper JSON. This required some changes to the UI as well.
Relates: https://github.com/389ds/389-ds-base/issues/4646
Reviewed by: spichugi(Thanks!)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/65a551298ef05f380ddc12786157fff9bc60639b">65a55129</a></strong>
<div>
<span>by Simon Pichugin</span>
<i>at 2021-02-24T13:34:02+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4513 - Fix replication CI test failures (#4557)
Description: Divide regression test suite into separate
files with different topologies to use. It fixes topology
conflicts that may occurre.
Fix cleanup finalizer at topo_with_sigkill fixture.
Remove rfc2307compat test suite as it's not valid
as we don't ship 10rfc2307.ldif anymore.
https://github.com/389ds/389-ds-base/pull/4388/
Relates: #4513
Reviewed by: @mreynolds389, @Firstyear
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/3fc16cccf903cddd9cb197e156afc37f7e330e23">3fc16ccc</a></strong>
<div>
<span>by Firstyear</span>
<i>at 2021-03-02T11:15:31+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4588 - BUG - unable to compile without xcrypt (#4589)
Bug Description: If xcrypt is not available, especially on some
distros with older libraries, 389 was unable to build.
Fix Description: Detect if we have xcrypt, and if not, add
stubs that always error instead.
fixes: https://github.com/389ds/389-ds-base/issues/4588
Author: William Brown <william@blackhats.net.au>
Review by: @progier389, @jchapma, @droideck (Thanks!)</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/e8b93a6b57d0911b0f0d887138d82aa6e31f51b2">e8b93a6b</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-03-03T15:33:51-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4169 - UI - updates on the tuning page are not reflected in the UI
Bug Description: We were not reloading the configuration after applying
to the server. So the UI would appear to reset to the
previous value.
Fix Description: This was fixed in master branch as part of a different
effort to move to PF4. Back porting that part of the
fix to 1.4.4
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi(Thanks!)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/85fabb6f2492e453d5b80041b7537707727d6489">85fabb6f</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-03-09T12:39:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4663 - CLI - unable to add objectclass/attribute without x-origin
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/d3c7f40a06459e678d8ff6e2de5d7ea82f7a679c">d3c7f40a</a></strong>
<div>
<span>by Firstyear</span>
<i>at 2021-03-10T12:46:09+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4659 - restart after openldap migration to enable plugins (#4660)
Bug Description: Rather than requesting the user to do the fixup
which also relies on them to know to restart after enabling the
plugins, we should restart and do the fixup.
Fix Description: Restart before we do post tasks.
fixes: https://github.com/389ds/389-ds-base/issues/4659
Author: William Brown <william@blackhats.net.au>
Review by: @mreynolds389 </pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/12b25060b737a8ef6f8e5e05fa0f7efa6c27e0ba">12b25060</a></strong>
<div>
<span>by Firstyear</span>
<i>at 2021-03-10T12:59:35+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4661 - RFE - allow importing openldap schemas (#4662)
Bug Description: Many applications only publish schemas in
openldap formats. We should be able to import them.
Fix Description: Add a dsconf tool that allows online
importing of these schemas. This uses the migration framework
underneath so that we avoid code duplication.
fixes: https://github.com/389ds/389-ds-base/issues/4661
Author: William Brown <william@blackhats.net.au>
Review by: @mreynolds389 (Thanks!)</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/e8a4c61b7f0952846b9ff02fc9c1a373249e4e65">e8a4c61b</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-03-11T08:51:06-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down
Bug Description: If a custom path is used for something like the backup directory,
dsctl will still use the default path from defaults.inf.
Fix Description: When initializing the default Paths consult dse.ldif for some
of the paths.
relates: https://github.com/389ds/389-ds-base/issues/4459
Reviewed by: firstyear(Thanks!)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/f32cd6d1fcb4a73825c3554d965115c227b15d0b">f32cd6d1</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-03-11T09:24:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4656 - Remove problematic language from UI/CLI/lib389
Description: Replace "master" and "slave" with more appropriate names
relates: https://github.com/389ds/389-ds-base/issues/4656
Reviewed by: firstyear(Thanks!)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/6fddab6d62c23fa95f87d1774846700d121146c8">6fddab6d</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-03-11T09:59:57-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4656 - Make replication CLI backwards compatible with role name change
Description: All replication role names to be backawards compatible with
problematic language changes
relates: https://github.com/389ds/389-ds-base/issues/4656
Reviewed by: mreynolds
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/a6b7d062b58dd27736b7ac49a48ab4c9dd53d55e">a6b7d062</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-03-15T23:35:24-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4658 - monitor - connection start date is incorrect
Description: The connection start time was incorrectly set to a
MONTONIC time instead of a REALTIME. This just sets
the start time to REALTIME and the "idletimeout" to
MONOTONIC as originally intended.
Relates: https://github.com/389ds/389-ds-base/issues/4658
Reviewed by: mreynolds (one line commit rule)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/b190d1fb89c5f5ab8f95dea7da7955a4fe107da9">b190d1fb</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-03-17T09:51:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4229 - Fix Rust linking
Description: Fixed a build problem related to:
- undefined reference to symbol
- error adding symbols: DSO missing from command line
Relates: https://github.com/389ds/389-ds-base/issues/4229
Reviewed by: mreynolds
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/8d081684ec798245adcb08cf32e94907aacaa965">8d081684</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-03-18T13:20:49-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4671 - UI - Fix browser crashes
Description: if schema attributes were missing x-origin it would crash the browser,
and in Monitor -> Replication, if the replication agreement is in an
odd state, and the lag was not computable, it could also crash the UI.
Relates: https://github.com/389ds/389-ds-base/issues/4671
Reviewed by: mreynolds (one line commit rule)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/37dc95673fb1e91a5cd591e80a8e8f390d9a7ba1">37dc9567</a></strong>
<div>
<span>by Thierry Bordaz</span>
<i>at 2021-03-19T14:02:36+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bump version to 1.4.4.14
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/2cda79bce1709c53d249a7b25782068bba25f2c2">2cda79bc</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-03-29T15:21:49-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4706 - negative wtime in access log for CMP operations
Description: We forgot to set the start time for compare operations,
this led to invalid values in the access log for optime
and wtime.
relates: https://github.com/389ds/389-ds-base/issues/4706
Reviewed by: mreynolds (one line commit ruile)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/6717748947777d111088280c35e44f5567f1d2a4">67177489</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-03-29T21:05:00-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 2736 - https://github.com/389ds/389-ds-base/issues/2736
Description: Adjust perl and python scripts shebangs for be absolute values
relates: https://github.com/389ds/389-ds-base/issues/2736
Reviewed by: firstyear(Thanks!)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/be2e6636c810f74489d433e5b16316797029703f">be2e6636</a></strong>
<div>
<span>by tbordaz</span>
<i>at 2021-04-02T14:10:00+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4700 - Regression in winsync replication agreement (#4712)
Bug description:
#4396 fixes a memory leak but did not set 'cn=config' as
DSE backend.
It had no signicant impact unless with sidgen IPA plugin
Fix description:
revert the portion of the #4364 patch that set be_suffix
in be_addsuffix, free the suffix before setting it
relates: https://github.com/389ds/389-ds-base/issues/4700
Reviewed by: Pierre Rogier (thanks !)
Platforms tested: F33</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/f4b03055664db8c31d2a445d06b1b60397bfeb62">f4b03055</a></strong>
<div>
<span>by Thierry Bordaz</span>
<i>at 2021-04-06T11:45:21+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bump version to 1.4.4.15
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/718b45376c0a03f308a1ab11094192e051593907">718b4537</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-04-13T08:46:26-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4577 - Fix ASAN flags in specfile
Description: Previously Rust and ASAN did not work together and we
had to add special conditions in the specfile file to
avoid the conflict. These checks are no longer needed
and should be removed.
relates: https://github.com/389ds/389-ds-base/issues/4577
Author: vashirov@redhat.com - Thanks!
Reviewed by: mreynolds
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/91c1c4d08f277275b3e00c2580b403f7388f8cb7">91c1c4d0</a></strong>
<div>
<span>by Firstyear</span>
<i>at 2021-04-16T11:25:08+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4637 - ndn cache leak (#4724)
Bug Description: During the change of the ndn cache to rust a memory
leak was missed (probably due to asan with gcc and rust issues). This
is due to a behavioural change in how dn's were used in the original version.
Fix Description: Free the dn key since rust internally needs to clone
a copy so it can correctly free it.
This also improves the drop code in the rust, and allows environment
passthrough into startup so that external ASAN_OPTIONS can be set.
fixes: https://github.com/389ds/389-ds-base/issues/4637
Author: William Brown <william@blackhats.net.au>
Review by: @mreynolds389
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/58dbf084a63e6dbbd999bf6a70475fad8255f26a">58dbf084</a></strong>
<div>
<span>by tbordaz</span>
<i>at 2021-04-27T09:39:57+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4711 - SIGSEV with sync_repl (#4738)
Bug description:
sync_repl sends back entries identified with a unique
identifier that is 'nsuniqueid'. If 'nsuniqueid' is
missing, then it may crash
Fix description:
Check a nsuniqueid is available else returns OP_ERR
relates: https://github.com/389ds/389-ds-base/issues/4711
Reviewed by: Pierre Rogier, James Chapman, William Brown (Thanks!)
Platforms tested: F33</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/6446fe27ac5cd910084dde436a0bd5f7b5f44065">6446fe27</a></strong>
<div>
<span>by tbordaz</span>
<i>at 2021-04-29T11:40:09+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4667 - incorrect accounting of readers in vattr rwlock (#4732)
Bug description:
The fix #2932 (Contention on virtual attribute lookup) reduced
contention on vattr acquiring vattr lock at the operation
level rather than at the attribute level (filter and
returned attr).
The fix #2932 is invalid. it can lead to deadlock scenario
(3 threads). A vattr writer (new cos/schema) blocks
an update thread that hold DB pages and later needs vattr.
Then if a reader (holding vattr) blocks vattr writer and later
needs the same DB pages, there is a deadlock.
The decisions are:
- revert #2932 (this issue)
- Skip contention if deployement has no vattr #4678
- reduce contention with new approaches
(COW and/or cache vattr struct in each thread)
no issue opened
Fix description:
The fix reverts #2932
relates: https://github.com/389ds/389-ds-base/issues/4667
Reviewed by: William Brown, Simon Pichugin
Platforms tested: F33
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/4ba0f07d49a1808ee976f7663aefadd0d0a0ff3f">4ba0f07d</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-04-30T08:43:08-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4742 - UI - should always use LDAPI path when calling CLI
Bug Description:
In some places in the UI code we call dsconf like:
dsconf -j slapd-instance ...
Instead of:
dsconf -j "ldapi://%2fvar%2frun%2fslapd-" + this.props.serverId + ".socket"
The problem is that if you setup the ".dsrc" file to use something other than LDAPI then the UI hangs.
Fix Description:
We need to always call the CLI using the LDAP socket.
Relates: https://github.com/389ds/389-ds-base/issues/4742
Reviewed by: spichugi(Thanks!)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/e0cf8a9cbabf47b90b67190f110a6bb3239cd623">e0cf8a9c</a></strong>
<div>
<span>by James Chapman</span>
<i>at 2021-04-30T13:54:02+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4701 - RFE - Exclude attributes from retro changelog (#4723)
Description: When the retro changelog plugin is enabled it writes the
added/modified values to the "cn-changelog" suffix. In
some cases an entries attribute values can be of a
sensitive nature and should be excluded. This RFE adds
functionality that will allow an admin exclude certain
attributes from the retro changelog DB.
Relates: https://github.com/389ds/389-ds-base/issues/4701
Reviewed by: mreynolds389, droideck (Thanks folks)</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/70c3e9e714da5bac621a66e694d74854df990959">70c3e9e7</a></strong>
<div>
<span>by tbordaz</span>
<i>at 2021-05-07T08:51:17+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4759 - Fix coverity issue (#4760)
Bug description:
with #4218 (wtime, optime in access log), hrtime is set in the
operation. But it is done before checking if the operation is
set. covscan fails
Fix description:
move the setting after verification that operation != NULL
relates: https://github.com/389ds/389-ds-base/issues/4759
Reviewed by: Simon Pichugin
Platforms tested: F34</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/db47dfcb5da7cb60ebd08828e7b0e1c145a92532">db47dfcb</a></strong>
<div>
<span>by tbordaz</span>
<i>at 2021-05-12T14:33:33+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4725 - [RFE] DS - Update the password policy to support a Temporary Password Rules (#4727)
Bug description:
Enhance password policy to support registration password (Temporary Password Rules)
design is https://www.port389.org/docs/389ds/design/otp-password-policy.html
Fix description:
The fix introduces new password policy configuration attributes
(passwordTPR*) and entry (user) operational attributes (pwdTPR*).
It supports Temporary Password Rules (fixed use count) and validity
window (valid since-until).
During bind it checks if the TPR limits are violated.
During password update it computes and set
operational attributed (pwdTPR*).
Note: a previous version of the fix/design mentioned
this feature as 'One Time Password'. This naming was confusing
and the current version replace it with 'Temporary Password
Rules' (aka TPR). If it remains some 'OTP' code/comments
it is a mistake.
relates: https://github.com/389ds/389-ds-base/issues/4725
Reviewed by: William Brown (Thanks !!!)
Platforms tested: F33
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/56299aef7ddb8910e6aeb173e1ddb8cdbedc2f30">56299aef</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-05-17T09:24:51-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4770 - Lower FIPS logging severity
Description: If FIPS is not available on a system we log errors messages
with the severity level of ERR, but it's not really an error
so it should be changed to NOTICE.
relates: https://github.com/389ds/389-ds-base/issues/4770
Reviewed by: mreynolds (one line commit rule)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/49a5f1c179112331c7b7da3ec426dc2e6e92d316">49a5f1c1</a></strong>
<div>
<span>by Thierry Bordaz</span>
<i>at 2021-05-17T17:24:03+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4725 - Fix compiler warnings
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/66bbfee82ca8de3079b28b67ace5aa3243a1e48f">66bbfee8</a></strong>
<div>
<span>by tbordaz</span>
<i>at 2021-05-18T12:29:29-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4747 - Remove unstable/unstatus tests from PRCI (#4748)
Bug description:
Some tests (17) in the tests suite (dirsrvtest/tests/suites)
are failing although there is no regression.
It needs (long) investigations to status if failures
are due to a bug in the tests or in DS core.
Until those investigations are completes, test suites
loose a large part of its value to detect regression.
Indeed those failing tests may hide a real regression.
Fix description:
Flag failing tests with pytest.mark.flaky(max_runs=2, min_passes=1)
Additional action will be to create upstream 17 ticket to
status on each failing tests
relates: https://github.com/389ds/389-ds-base/issues/4747
Reviewed by: Simon Pichugin, Viktor Ashirov (many thanks for your
reviews and help)
Platforms tested: F33
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/e3104967dddc3fdff886fc0d9535934b987ebd74">e3104967</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-05-19T12:19:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 3555 - Fix UI audit issue
Description: This does not fix all the audit errors because we need
to get off of patternfly 3 first, but this does address
a critical vulnerability and several high vulnerabilities.
relates: #3555
Reviewed by: mreynolds
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/a80d6770454381a47495625c7a21e347f9a69282">a80d6770</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-05-21T13:11:25-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4773 - Enable interval feature of DNA plugin
Description: Enable the dormant interval feature in DNA plugin
relates: https://github.com/389ds/389-ds-base/issues/4773
Review by: mreynolds (one line commit rule)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/50606d85f34cbb0d504e90ee5aa84e64c5e5cc93">50606d85</a></strong>
<div>
<span>by MIZUTA Takeshi</span>
<i>at 2021-05-25T11:17:28-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4781 - There are some typos in man-pages
Description: Fixed the following man-page typo.
- dbscan(1)
- ldclt(1)
- rsearch(1)
- 99user.ldif(5)
- dirsrv.systemd(5)
relates: https://github.com/389ds/389-ds-base/issues/4781
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/bba519cceb29c912d4abcbda13c5f615939f22bf">bba519cc</a></strong>
<div>
<span>by Simon Pichugin</span>
<i>at 2021-05-26T13:39:34+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4623 - RFE - Monitor the current DB locks (#4762)
Description: DB lock gets exhausted because of unindexed internal searches
(under a transaction). Indexing those searches is the way to prevent exhaustion.
If db lock get exhausted during a txn, it leads to db panic and the later recovery
can possibly fail. That leads to a full reinit of the instance where the db locks
got exhausted.
Add three attributes to global BDB config: "nsslapd-db-locks-monitoring-enabled",
"nsslapd-db-locks-monitoring-threshold" and "nsslapd-db-locks-monitoring-pause".
By default, nsslapd-db-locks-monitoring-enabled is turned on, nsslapd-db-locks-monitoring-threshold is set to 90% and nsslapd-db-locks-monitoring-threshold is 500ms.
When current locks are close to the maximum locks value of 90% - returning
the next candidate will fail until the maximum of locks won't be
increased or current locks are released.
The monitoring thread runs with the configurable interval of 500ms.
Add the setting to UI and CLI tools.
Fixes: https://github.com/389ds/389-ds-base/issues/4623
Reviewed by: @Firstyear, @tbordaz, @jchapma, @mreynolds389 (Thank you!!)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/407a9ebeb931133b693de7df3dc2e0e708f29a84">407a9ebe</a></strong>
<div>
<span>by progier389</span>
<i>at 2021-05-26T16:22:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4764 - replicated operation sometime checks ACI (#4783)
(cherry picked from commit 0cfdea7abcacfca6686a6cf84dbf7ae1167f3022)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/7b583470269c49cd2e3d5b8b83e0e325b2154ddf">7b583470</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-05-28T13:47:17-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4778 - RFE - Allow setting TOD for db compaction and add task
Description: Since database compaction can be costly it should be allowed
to set a time to execute it during offpeak hours. Once the
compaction interval has been met, it will wait for the configured
time of day to do the compaction. The default is just before
midnight: 23:59
A task was also created that can run compaction on demand,
and can also just target the replication changelog. This could
be used in conjunction with a cronjob for more complex
execution patterns.
ASAN tested and approved.
relates: https://github.com/389ds/389-ds-base/issues/4778
Reviewed by: spichugi(Thanks!)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/23c28c2f0825d2eacb55c7971dd4272f6bd76d84">23c28c2f</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-05-30T11:15:00-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Issue 4719 - lib389 - fix dsconf passthrough auth bugs
Description: This fixes issues with pass through auth subtree validation
and other fixes with adding/editting URLs and nslapd-pluginarg
attributes
Relates: https://github.com/389ds/389-ds-base/issues/4719
Reviewed by: spichugi(Thanks!)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/f835ad25ba033e1d80b81770dc63611233e096d0">f835ad25</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-05-30T11:27:33-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update npm packages
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/commit/3d31c6c717391d45a7e85492209ee8fcde7dfe3b">3d31c6c7</a></strong>
<div>
<span>by Mark Reynolds</span>
<i>at 2021-05-30T11:28:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bump version to 1.4.4.16
</pre>
</li>
</ul>
<h4>10 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#c912f4d2f00cf8e018013a90a8dd6e257a5eb6e5">
<span class="new-file">
+
.github/workflows/pytest.yml
</span>
</a>
</li>
<li class="file-stats">
<a href="#d5b4de16d947214ec306bd57bed1bd23a939b5f9">
Makefile.am
</a>
</li>
<li class="file-stats">
<a href="#d7e560a1b9a915cc82a4a544b31706fd6db5f6fd">
VERSION.sh
</a>
</li>
<li class="file-stats">
<a href="#60ea306b2db02a8c521992c515b83ad5a7724f49">
dirsrvtests/create_test.py
</a>
</li>
<li class="file-stats">
<a href="#8ae09d8c55ebda036caedcb5f64238c76621d762">
dirsrvtests/tests/data/openldap_2_389/4539/slapd.d/cn=config/cn=schema.ldif
</a>
</li>
<li class="file-stats">
<a href="#82b96472da4b30281208e4cf127143601540a1db">
dirsrvtests/tests/longduration/automembers_long_test.py
</a>
</li>
<li class="file-stats">
<a href="#e4275b4d22d00ae14f602854e7e8d4d7c1eb92f7">
dirsrvtests/tests/stress/README
</a>
</li>
<li class="file-stats">
<a href="#ced840a51b62c1389fa1792cf51cb3bbc2b19159">
dirsrvtests/tests/stress/reliabilty/reliab_7_5_test.py
</a>
</li>
<li class="file-stats">
<a href="#af2d5da6d5f646debeb3211ac85c7be1aa71c41e">
dirsrvtests/tests/stress/replication/mmr_01_4m-2h-4c_test.py
</a>
</li>
<li class="file-stats">
<a href="#8efe1a58874e11fab94c1ce2beb07c04e03b60b6">
dirsrvtests/tests/stress/replication/mmr_01_4m_test.py
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
<a href="https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/16e40086928e66f78027fad202308a83334a46e7...3d31c6c717391d45a7e85492209ee8fcde7dfe3b">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
</p>
</div>
</body>
</html>