[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][master] 33 commits: Ticket 49877 - Add log level functionality to UI

Timo Aaltonen gitlab at salsa.debian.org
Wed Oct 10 23:00:16 BST 2018

Timo Aaltonen pushed to branch master at FreeIPA packaging / 389-ds-base

09ad0d01 by Mark Reynolds at 2018-08-27T19:48:23Z
Ticket 49877 - Add log level functionality to UI

Description:  Add logic to get and save the access & errors log levels
              in the UI tables


Reviewed by: ?

- - - - -
d6616221 by Simon Pichugin at 2018-08-28T13:19:38Z
Issue 49866 - Refactor PwPolicy lib389/CLI module

Description: Refactor Password Policy module and its CLI part.
Add PwPolicyManager object and PwPolicyEntry(DSLdapObject).
Validate LDIF and Backup dir paths. Don't accept a forward slash
because it can lead to a security flow.
Add an additional assertion to Backup/Restore CLI test suite.


Reviewed by: mreynolds (Thanks!)

- - - - -
2dc26d9b by Amita Sharma at 2018-08-29T15:43:54Z
Issue 48053 - Add attribute encryption test cases

Description: Added test cases for attribute encryption


Reviewed by: Simon and Viktor

- - - - -
78fc627a by Mark Reynolds at 2018-08-30T18:28:10Z
Ticket 49932 - Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly

Bug Description:  We clone a pblock in a psearch search, and under certain
                  error conditions this pblock is freed, but it frees the
                  password policy struct which can lead to a double free
                  when the original pblock is destroyed.

Fix Description:  During the cloning, set the pwppolicy struct to NULL
                  so the clone allocates its own policy if needed


Reviewed by: ?

- - - - -
8857b150 by Akshay Adhikari at 2018-09-04T04:15:06Z
Issue 49930 - Correction of the existing fixture function names to remove test_ prefix

Description: Fixed fixture names and also python3 issue.


Reviewed by: amsharma & spichugi (Thanks!)

- - - - -
c64f7fb1 by Mark Reynolds at 2018-09-04T13:33:18Z
Ticket 49866 - fix typo in cos template in pwpolicy subtree create

Description:  Typo in the pwdpolicy subentry attribute name


Reviewed by: mreynodls(one line commit rule)

- - - - -
8ff8cb85 by Mark Reynolds at 2018-09-05T18:10:42Z
Ticket 49937 - Log buffer exceeded emergency logging msg is not thread-safe

Bug Description:  Multiple operations making modificatiosn on a DN
                  that is very large can crash the server, because
                  when we do emergency logging, we close and reopen
                  the errors log withgout hold the error log write
                  lock.  This causes the FD pointer to be become
                  invalid and triggers a crash.

Fix description:  Hold the errors log write lock while closing and
                  reopening the log


Reviewed by: vashirov(Thanks!)

- - - - -
e59b309c by William Brown at 2018-09-12T10:36:02Z
Ticket 49887: Clean thread local usage

Clean the thread local usage of the logging system to be more inline with
pthread's intent, remove bad practices of case/switch get setters, and change
the types to be more effecient struct types. Generally make it better


Author: William Brown <william at blackhats.net.au>

- - - - -
4881826e by Mark Reynolds at 2018-09-14T14:18:52Z
Ticket 49926 - Add replication functionality to dsconf

Description: Add replication functionality to the dsconf.  This includes
             repl config, agmts, winsync agmts, and cleanallruv/abort cleanallruv

             Adjusted the backend options to use hyphens for consistency


Reviewed by: spichugi & firstyear(Thanks!!)

- - - - -
fc2008c4 by Viktor Ashirov at 2018-09-17T12:01:35Z
Ticket 49926 - Fix replication tests on 1.3.x

nsAccount is not supported by 1.3.x branch.

Fix description:
Remove nsAccount objectClass from Replication Manager
if DS is older than 1.4.x.


Reviewed by: mreynolds, firstyear (Thanks!)

- - - - -
219fd4b1 by Simon Pichugin at 2018-09-18T07:50:16Z
Issue 49928 - Refactor and improve schema CLI/lib389 part to DSLdapObject

Description: First commit that refactors Schema object and
removes SchemaLegacy usage from CLI.
Add full CLI Schema functionality to lib389.
It includes: list, query, add, edit, remove operations.


Reviewed by: mreynolds, wibrown (Thanks!)

- - - - -
b4164ccf by Thierry Bordaz at 2018-09-18T12:33:20Z
Ticket 49954 - On s390x arch retrieved DB page size is stored as size_t rather than uint32_t

Bug Description:
	The page size is retrieved from uint32_t dblayer_page_size.
	Later it is stored in a size_t variable with a cast.
	Depending on little/big endian the page size can be stored in the upper/lower bits of the 64bits variable.
	Later the variable is used to set the page size of a database file using the lower bits (uint32_t) that are zeroed.

Fix Description:
	The BDB callback to set the pagesize, expects a a uint32_t.
	Make sure the field containing it is uint32_t (instead of size_t) as the page
	size is retrieved as a uint32_t as well (dblayer_page_size/BACK_INFO_INDEXPAGESIZE)


Reviewed by: Ludwig Krispen

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
efa39cbc by Simon Pichugin at 2018-09-21T14:26:38Z
Issue 49928 - WebUI schema functionality and improve CLI part

Description: Add schema functionality for add/edit/remove for
for attributes and objectClasses. Add get_attr_syntaxes funciton.
Fix small CLI schema issues and lib389 API part.
Set LogCapture level on the init.
Add copyright for cli/conf_backup_test.py.


Reviewed by: mreynolds, mhonek (Thanks!)

- - - - -
ff3da975 by Thierry Bordaz at 2018-09-25T07:47:23Z
Ticket 49958: extended search fail to match entries

Bug Description:
	During an extended search, a structure is created for each filter component.
	The structure contains the keys generated from the assertion and using the given
	matching rule indexer.
	Later the keys will be compared (with the MR) with keys generated from the
	attribute values of the candidate entries.
	The bug is that parsing the assertion, instead of removing the heading spaces
	the routine clear the assertion that is empty. So the generated keys is NULL.

Fix Description:
	The fix consists to only remove heading spaces


Reviewed by: Mark Reynolds

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
4f118f42 by Matúš Honěk at 2018-09-25T14:01:04Z
Issue 49947 - Coverity: 389-ds-base-

Bugs and fixes description:
- 15607:
  - in lib389/suffix.py: Structurally dead code
- 15604:
  - in bug_harness.py: Null dereference
  + solved by removing the file as it is unused and outdated
    - additionally, remove the static_var decorator definition as it
      is not used anyway any more
- 15754:
  - in pwdPolicy_syntax_test.py: fix typo in identifier
  + Fix log msg in file pw.c
- 17046, 17061, 17063, 17069, 17084:
  - in backend_test and backendLegacy_test: fix use before NULL check
- 17473:
  - in lib389/__init__.py: Identical code in different branches
  + removed the wrapper altogether as we don't support Python2 any more
- replace SafeConfigParser with ConfigParser for it has been just an
  alias since Python 3.2 and will be removed in the future


Author: mhonek

Review by: spichugi, firstyear (Thanks!)

- - - - -
c73cd26d by Viktor Ashirov at 2018-09-26T12:28:10Z
Issue 49963 - ASan build fails on F28

Bug Description:
When building with gcc, we need to link wit libasan.

Fix Description:
Add -lasan to compiler flags.


Reviewed by: tbordaz (Thanks!)

- - - - -
bdb86769 by Thierry Bordaz at 2018-10-04T09:44:04Z
Ticket 49915 - Master ns-slapd had 100% CPU usage after starting replication and replication cannot finish

Bug Description:
	During a total initialization the supplier builds a candidate list of the entries to send.
	Because of https://fedorahosted.org/389/ticket/48755, the candidate list relies on parentid attribute.
	All entries, except tombstones and suffix itself, have parentid.
	There is an assumption that the first found key (i.e. '=1') contains the suffix children.
	So when it finally finds the suffix key it adds its children to a leftover list rather to the candidate list.
	Later idl_new_range_fetch loops for ever trying to add suffix children from leftover to candidate list.

Fix Description:
	The fix consist to store the suffix_id (if it does not exist already) in the parentid index (with the key '=0').
	Then get it to detect the suffix key from the index in idl_new_range_fetch.


Reviewed by: Ludwig Krispenz, William Brown (thanks !)

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
e2810e78 by Matúš Honěk at 2018-10-05T08:46:36Z
Ticket 49943 - rfc3673_all_oper_attrs_test is not strict enough

Bug Description:
Test suites/filter/rfc3673_all_oper_attrs_test.py::test_search_basic
does not reach constraints extensively. The asserts are too

The commit 6ef4eb5 changed 'normal user' ACIs, however these changes
introduced new attr 'modifiersName' which was supposed to be missing
when searching.

In the first case, assert checks only for 'objectClass' and
pseudo-randomly one more attr to be present which is not sufficient.

In the second case, recently changed assert introduced weaker check
than the one present before.

Fix Description:
Bring back previous ACI to explicitly test the difference when binding
as normal user and the DM.

In case of add_attr == '*', test for all expected_attrs to be in
found_attrs. In the other case bring back the strict comparison as
there used to be before.


Author: mhonek

Review by: firstyear, spichugi (Thanks!)

- - - - -
be947047 by Timo Aaltonen at 2018-10-09T07:42:06Z
control: Build on any arch again.

- - - - -
a49bd03d by Mark Reynolds at 2018-10-09T18:42:46Z
Ticket 49969 - DOS caused by malformed search operation (security fix)

Bug Description:  There are two issues here.  The one in we don't cloase a
                  connection when an invalid unbind occurs.  The other is a
                  search request passing 8MB of NULL bytes as search attributes
                  will keep one thread busy for a long time.  The reason is
                  that the attr array is copied/normalized to the searchattrs in
                  the search operation and does this using charray_add() which
                  iterates thru the array to determine the size of the array and
                  then allocate one element more.  So this means we iterate 8
                  million times an array with a then average size of 4 million

Fix Description:  We already have traversed the array once and know the size,
                  so we can allocate the needed size once and only copy the element.
                  In addition we check for the kind of degenerated attributes ""
                  as used in this test scenario.  So the fix will reject invalid
                  attr lists and improve performance for valid ones

Author: Ludwig Krispens <lkrispen at redhat.com>


Reviewed by: tbordaz & mreynolds (Thanks!)

- - - - -
068a00fb by Mark Reynolds at 2018-10-09T18:54:53Z
Bump version to

- - - - -
23735a5e by Timo Aaltonen at 2018-10-09T18:55:26Z
perl-use-move-instead-of-rename.diff: Use copy instead of move, except when restoring files in case of an error.

- - - - -
1fc5aec4 by Timo Aaltonen at 2018-10-10T07:47:30Z
Merge branch 'upstream'

- - - - -
ab466137 by Timo Aaltonen at 2018-10-10T07:50:10Z
bump version

- - - - -
a6369790 by Mark Reynolds at 2018-10-10T13:27:36Z
Ticket 49969 - DOS caused by malformed search operation (part 2)

Description:  Fix regression that casued a crash


- - - - -
614837ac by German Parente at 2018-10-10T15:29:50Z
Ticket #49946 upgrade of 389-ds-base could remove replication agreements.

Bug Description:

when a replication agreement starts with "cn=->...", the upgrade is removing
the entry.

Fix Description:

a check is missing when re-building dse.ldif in "setup-ds.pl -u" that provoked this entry not to be re-added to the file.


Author: German Parente <gparente at redhat.com>

Review by: ???

- - - - -
80d0d712 by Thierry Bordaz at 2018-10-10T15:39:04Z
Ticket 49968 - Confusing CRITICAL message: list_candidates - NULL idl was recieved from filter_candidates_ext

Bug Description:
	When a filter component is indexed but returns an empty IDL
	an alarming message is logged although it is normal.

Fix Description:
	Remove the alarming message


Reviewed by: Mark Reynolds

Platforms tested: F27 + testcase

Flag Day: no

Doc impact: no

- - - - -
d2aa131f by Mark Reynolds at 2018-10-10T16:32:17Z
Bump version to

- - - - -
c4a7fd96 by Timo Aaltonen at 2018-10-10T20:20:25Z
Merge branch 'upstream'

- - - - -
2e862603 by Timo Aaltonen at 2018-10-10T20:20:44Z
bump the version

- - - - -
4f3b98ab by Timo Aaltonen at 2018-10-10T21:25:23Z
Move the new utils (dsconf, dscreate, dsctl, dsidm) to python3- lib389.

- - - - -
30fe2aed by Timo Aaltonen at 2018-10-10T21:28:20Z
control: Add python3-argcomplete to python3-lib389 depends. (Closes: #910761)

- - - - -
4b3d5b5f by Timo Aaltonen at 2018-10-10T21:56:11Z
releasing package 389-ds-base version

- - - - -

30 changed files:

- configure.ac
- debian/389-ds-base.install
- debian/changelog
- debian/control
- debian/patches/perl-use-move-instead-of-rename.diff
- debian/python3-lib389.install
- + dirsrvtests/tests/suites/attr_encryption/attr_encryption_test.py
- dirsrvtests/tests/suites/basic/basic_test.py
- dirsrvtests/tests/suites/filter/filter_test.py
- dirsrvtests/tests/suites/filter/rfc3673_all_oper_attrs_test.py
- dirsrvtests/tests/suites/paged_results/paged_results_test.py
- dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py
- dirsrvtests/tests/suites/password/pwdPolicy_inherit_global_test.py
- dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py
- dirsrvtests/tests/suites/password/regression_test.py
- dirsrvtests/tests/suites/replication/acceptance_test.py
- dirsrvtests/tests/suites/replication/conflict_resolve_test.py
- dirsrvtests/tests/suites/replication/regression_test.py
- dirsrvtests/tests/tickets/ticket48808_test.py
- ldap/admin/src/scripts/FileConn.pm
- ldap/servers/plugins/collation/orfilter.c
- ldap/servers/plugins/replication/cl5_api.c
- ldap/servers/plugins/replication/cl5_api.h
- ldap/servers/plugins/replication/repl5_agmt.c
- ldap/servers/plugins/replication/repl5_tot_protocol.c
- ldap/servers/slapd/back-ldbm/dblayer.c
- ldap/servers/slapd/back-ldbm/filterindex.c
- ldap/servers/slapd/back-ldbm/idl_new.c
- ldap/servers/slapd/back-ldbm/index.c

The diff was not included because it is too large.

View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/compare/0f6d96812299624a6a388b11eb1e2c16296546f4...4b3d5b5f0287d954b07c90f7e8e9ee06e98a4a29

View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/compare/0f6d96812299624a6a388b11eb1e2c16296546f4...4b3d5b5f0287d954b07c90f7e8e9ee06e98a4a29
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20181010/1cce4a2d/attachment-0001.html>

More information about the Pkg-freeipa-devel mailing list