[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][upstream] 114 commits: Issue 50508 - UI - fix local password policy form
Timo Aaltonen
gitlab at salsa.debian.org
Tue Nov 26 22:04:39 GMT 2019
Timo Aaltonen pushed to branch upstream at FreeIPA packaging / 389-ds-base
Commits:
53efe7a1 by Mark Reynolds at 2019-07-22T16:51:54Z
Issue 50508 - UI - fix local password policy form
Description: The modal width is too narrow and it overflows
relates: https://pagure.io/389-ds-base/issue/50508
Reviewed by: mreynolds(one line commit rule)
- - - - -
9ea5b9bf by Anuj Borah at 2019-07-23T17:26:01Z
Issue 50511 - lib389 PosixGroups type can not handle rdn properly
Description: lib389 PosixGroups type can not handle rdn properly
Fixes: https://pagure.io/389-ds-base/issue/50511
Author: aborah
Reviewed by: Simon Pichugin, Matus Honek
- - - - -
c7782552 by Simon Pichugin at 2019-07-24T09:28:49Z
Issue 50488 - Create a monitor for disk space usagedisk-space-mon
Description: Create a new monitor object: cn=disk space,cn=monitor.
It contains 'dsDisk' multi-valued attribute which has a format:
dsdisk: partition="/" size="42006183936" used="35768864768" available="6237319
168" use%="85"
dsdisk: partition="/tmp" size="1023303680" used="950198272" available="7310540
8" use%="92"
Add MonitorDiskSpace(DSLdapObject) to monitor.py.
Add a test to check the basic functionality.
Remove unused code and its statfs.h dependency.
Remove SLAPD_MONITOR_DN definition because it is unused.
https://pagure.io/389-ds-base/issue/50488
Authors: spichugi, mreynolds
Reviewed by: mreynolds, tbordaz, mhonek (Thanks!)
- - - - -
4295210b by Thierry Bordaz at 2019-07-25T13:54:16Z
Ticket 50510 - etime can contain invalid nanosecond value
Bug Description:
When computing the etime, it takes into account the nanosecond.
At border of a second, the ending nsec can be lower than starting nsec.
In such case the computation is wrong as delta=(ending_nsec - starting_nsec) is negative.
final_nsec = 1 - delta > 1sec
Fix Description:
if delta=(ending_nsec - starting_nsec) is negative
final_nsec = 1 + delta < 1sec
https://pagure.io/389-ds-base/issue/50510
Reviewed by: Mark Reynolds (Thanks!)
Platforms tested: F28
Flag Day: no
Doc impact: no
- - - - -
b07be1e6 by Mark Reynolds at 2019-07-30T18:38:26Z
Issue 50521 - Add regressions in CI tests
Description: Port accpol_test.py to DSLdapObject. The othertests are all
related to a change with hiding unhashed passwords by default
in the logs.
relates: https://pagure.io/389-ds-base/issue/50521
Reviewed by: vashirov(Thanks!)
- - - - -
a593f3d0 by Mark Reynolds at 2019-07-30T20:25:58Z
Issue 50506 - Replace slapi_entry_attr_get_charptr() with slapi_entry_attr_get_ref()
Description:
There has been a pattern/habit in the code of using slapi_entry_attr_get_charptr()
to get an attribute value, but this function strdup's the entry's attribute value.
In almost all cases the slapi_entry_attr_get_charptr() value is freed right away -
it is not consumed. This is causing unnecessary malloc/free's which adds to
fragmentation and hurts performance. Instead, if the attribute value is not consumed
we should use slapi_entry_attr_get_ref() instead, which just grabs a pointer to
the attribute value.
relates: https://pagure.io/389-ds-base/issue/50506
ASAN & covscan approved
Reviewed by: lkrispen(Thanks!)
- - - - -
4b240e96 by Mark Reynolds at 2019-08-01T14:21:02Z
Issue 50506 - Fix invalid frees from pointer reference calls.
Description: There were a few free calls that were not removed
which caused a double free. There was also extra
care needed in pw.c around shadow password attribute
values.
relates: https://pagure.io/389-ds-base/issue/50506
Reviewed by: lkrispen(Thanks!)
- - - - -
67c7604b by Mark Reynolds at 2019-08-02T16:07:07Z
Issue 50529 - LDAP server returning PWP controls in different sequence
Description: The server returns password policy controls in different orders
depending on the state of grace logins. The requested control,
if any, should be returned first, followed by any controls the
server might add.
relates: https://pagure.io/389-ds-base/issue/50529
Reviewed by: mreynolds (one line commit rule)
- - - - -
4159cf6d by Mark Reynolds at 2019-08-05T13:20:55Z
Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"
Bug Description: A regression was introduced some time back that changed the
behavior of how the server handled the "1.1" requested attribute
in a search request. If "1.1" was requested along with other
attributes then no attibutes were returned, but in this case "1.1"
is expected to be ignroed.
Fix Description: Only comply with "1.1" if it is the only requested attribute
relates: https://pagure.io/389-ds-base/issue/50530
Reviewed by: firstyear(Thanks!)
- - - - -
64e457ad by Anuj Borah at 2019-08-07T10:12:13Z
Issue: 48851 - Add more test cases to the match test suite(mode replace)
Bug Description: Add more test cases to the match test suite(mode replace)
Relates: https://pagure.io/389-ds-base/issue/48851
Author: aborah
Reviewed by: Simon Pichugin
- - - - -
7fb25957 by Anuj Borah at 2019-08-07T14:19:25Z
Issue: 48851 - investigate and port TET matching rules filter tests(indexing final)
Bug Description: Investigate and port TET matching rules filter tests(indexing final)
Relates : https://pagure.io/389-ds-base/issue/48851
Author: aborah
Reviewed by: Simon Pichugin
- - - - -
70461785 by Mark Reynolds at 2019-08-07T14:34:33Z
Issue 50507 - Fix Cockpit UI styling for PF4
Description: Fix the UI stylings to be aligned with Patternfly 4.
Also cleaned up ds.css to remove unused and duplicate
classes.
Added framework for PF React 4 so we start porting
PF React to version 4 as well.
relates: https://pagure.io/389-ds-base/issue/50507
Reviewed by: spichugi(Thanks!)
- - - - -
205506a9 by Ludwig Krispenz at 2019-08-07T15:14:51Z
Issue 50506 - cont Fix invalid frees from pointer reference calls
one more issue found with dynamic_plugins test suite and ASAN
- - - - -
b8c64856 by Mark Reynolds at 2019-08-07T20:38:25Z
Issue 50534 - CLI change schema edit subcommand to replace
Description: The way the CLI currently edits an attribute or objectclass
is that it deletes it, and then adds the new attribute using
only the params specified in "edit". So the subcommand "edit"
is misleading as previous/untouched values will get overwritten,
it should be "replace" instead to avoid confusion.
relates: https://pagure.io/389-ds-base/issue/50534
Reviewed by: spichugi(Thanks!)
- - - - -
fb3be041 by Mark Reynolds at 2019-08-07T20:49:22Z
Issue 50525 - nsslapd-defaultnamingcontext does not change when the assigned suffix gets deleted
Bug Description:
If you delete the suffix that is set as the default naming context, the attribute
is not reset.
Also using dsconf to delete a backend/suffix fails if there are vlv indexes, encrypted
attributes, or replication is configured.
Fix Description:
As for the default naming context, if there is a second suffix configured, it will be
automatically set as the new default naming context, otherwise the attribute is not
modified.
For dsconf backend delete issue, it now checks and removes replication configuration
and agreements, and removes all the child entries under the backend entry.
relates: https://pagure.io/389-ds-base/issue/50525
Reviewed by: spichugi(Thanks!)
- - - - -
71d7ca07 by Mark Reynolds at 2019-08-08T12:02:49Z
Issue 50536 - Audit log heading written to log after every update
Bug Description: Once the audit log is rotated the log "title" is incorrectly
written to the log after every single update. This happened
becuase when we udpated the state of the log it was applied
to a local variable, and not the log info structure itself.
Fix Description: After writting the "title", update the state of the log using
a pointer to the log info structure.
relates: https://pagure.io/389-ds-base/issue/50536
Reviewed by: lkrispenz(Thanks!)
- - - - -
35757309 by Mark Reynolds at 2019-08-08T15:48:40Z
Issue 50538 - cleanAllRUV task limit is not enforced for replicated tasks
Bug Description:
There is a hard limit of 64 concurrent cleanAllRUV tasks, but this limit is
only enforced when creating "new" tasks. It was not enforced when a task was
received via an extended operation. There were also race conditions in the
existing logic that allowed the array of cleaned rids to get corrupted . This
allowed for a very large number of task threads to be created.
Fix Description:
Maintain a new counter to keep track of the number of clean and abort threads
to make sure it never over runs the rid array buffers.
relates: https://pagure.io/389-ds-base/issue/50538
Reviewed by: lkrispenz(Thanks!)
- - - - -
21ba8427 by Mark Reynolds at 2019-08-09T13:31:23Z
Issue 50538 - Move CI test to individual file
Description: The CI test needs to be a standalone file as it needs
a clean environment to run correctly
relates: https://pagure.io/389-ds-base/issue/50538
Reviewed by: lkrispenz(Thanks!)
- - - - -
340f2399 by Ludwig Krispenz at 2019-08-13T08:05:34Z
Ticket 50490 objects and memory leaks
Bug: There are severalmemory leaks for replication objects
Fix: This patch contains a couple of fixes:
- The balance of acquire and release for a replica object was incorrect,
but the object is allocated at startup or when a replica is added and
destroyed at shutdown. In between we know the replica exists and can be accessed directly
To ensure that no access was made until it is destroyed the shutdown order was
slightly modifed
- other objects like RUV or AGMT were also not always correctly balanced, this
is corrected
- in cl5_api where many types of objects are used, the variable names were changed
to bettr indicat to what an object refers
- some other leaks, eg in repl5_total_init or op_shared_add were fixed
- unused code has been removed
Reviewed by: William, Thierry, Mark - thanks
- - - - -
7a24286f by Akshay Adhikari at 2019-08-13T13:17:31Z
Issue 50462 - Fix CI tests
Description: Explicitly changed strings to bytes in upgrade-script(tools.py)
Also Added ds_version check in order it won't break in 1.4.
Added a new replication agreement, and a replication manager. Replication is not
working with service accounts.
related: https://pagure.io/389-ds-base/issue/50462
Reviewed by: Firstyear, vashirov (Thanks!)
- - - - -
ca915d58 by Thierry Bordaz at 2019-08-14T13:37:12Z
Ticket 50542 - Entry cache contention during base search
Bug Description:
During a base search the entry cache lock is acquired to retrieve the target entry.
Later when the candidate list is built, the entry cache lock is also acquired
to retrieve the candidate that is actually the target entry itself
So for a base search the entry cache lock is accessed 4 times (2 acquires + 2 releases)
It is very easy to create a huge contention (e.g. dereferencing large group) increasing
etime
Fix Description:
The idea is to acquire the entry, from the entry cache (with refcnt++) when searching the base
search. Then instead of returning the entry (refcnt--) the entry is kept in the operation until
the operation completes. If later we need the entry (to send it back to the client), the entry is
picked up from the operation not from the entry cache lookup
https://pagure.io/389-ds-base/issue/50542
Reviewed by: Ludwig Krispenz, William Brown
Platforms tested: F29
Flag Day: no
Doc impact: no
- - - - -
f5714c12 by Barbora Smejkalova at 2019-08-22T06:25:47Z
Issue 49761 - Fix CI test suite issues
Description:
Fixing failing ticket49071_test.py, so it would pass nightly tests.
Also moved this test to "/suites/import/regression_test.py" and removed ticket49071_test.py from "tickets"
Relates: https://pagure.io/389-ds-base/issue/49071
Relates: https://pagure.io/389-ds-base/issue/49761
Reviewed by: firstyear, vashirov (Thanks!)
- - - - -
7edcaff0 by Ludwig Krispenz at 2019-08-22T14:41:28Z
fix for 50542 crashes in filter tests
The crash is when a backentry is released, there is a call to CACHE_RETURN
and then check and free of a vlv entry.
But CACHE_RETURN, under some conditions, can free the backentry - the following check will
dereference a NULL entry and crashes
Fix: Reverse the order of freeing vlv entry and returning entry to cache
Note: Viktor did successfully runthe tests, thanks
Reviewed by: ?
- - - - -
b5d96274 by Mark Reynolds at 2019-08-22T15:45:06Z
Issue 49624 - modrdn silently fails if DB deadlock occurs
Bug Description:
If a DB Deadlock error occurs during a modrdn operation the entry
cache gets updated (corrupted), but the update is not applied to
the database.
Fix Description:
Looks like there was a copy & paste error, and the wrong attribute
was updated during the retry of the modrdn operation.
relates: https://pagure.io/389-ds-base/issue/49624
Reviewed by: lkrispenz (Thanks!)
- - - - -
6ae84810 by Simon Pichugin at 2019-08-23T07:54:55Z
Issue 50499 - Audit fix - Update npm 'eslint-utils' version
Description: Versions of `eslint-utils` >=1.2.0 or <1.4.1 are vulnerable
to Arbitrary Code Execution. Update the version.
https://pagure.io/389-ds-base/issue/50499
Reviewed by: ?
- - - - -
e3780926 by Mark Reynolds at 2019-08-23T15:32:48Z
Issue 50506 - Fix regression from slapi_entry_attr_get_ref refactor
Description: In pwenc.c we took a reference to the attribute value, but
it was freed before we looked at it.
relates: https://pagure.io/389-ds-base/issue/50506
Regviewed by: mreynolds (one line commit rule)
- - - - -
af4631f2 by Viktor Ashirov at 2019-08-23T16:07:40Z
Issue 49761 - Fix CI test suite issues
Description:
* Update conftest.py to work correctly on FIPS machine
* Rename single letter variables to avoid conflicts with pdb commands
* Skip some tests on versions < 1.4.1.6 where fix is not available
* Add a timeout after import task is created to avoid failures on slow machines
Relates: https://pagure.io/389-ds-base/issue/49761
Reviewed by: spichugi (Thanks!)
- - - - -
441d5aba by Mark Reynolds at 2019-08-26T14:50:05Z
Issue 49324 - idl_new report index name in error conditions
Description: Add the index attribute name to error messages
relates: https://pagure.io/389-ds-base/issue/49324
Reviewed by: firstyear & tbordaz (Thanks!!)
- - - - -
5287b9ac by Simon Pichugin at 2019-08-26T19:22:18Z
Issue 50206 - Refactor lock, unlock and status of dsidm account/role
Description: Port ns-accountstatus.pl, ns-activate.pl and ns-inactivate.pl to lib389 CLI.
Add: dsidm account/role entry-status, dsidm account subtree-status, dsidm role lock/unlock
Refactor: dsidm account lock/unlock
Remove: dsidm account status
Also, refactor role.py and idm/account.py accordingly to the CLI requirements.
https://pagure.io/389-ds-base/issue/50206
Reviewed by: firstyear (Thanks, William!)
- - - - -
bfdb2262 by William Brown at 2019-08-26T22:31:08Z
Ticket 50564 - Fix rust libraries by default and improve docker
Bug Description: Rust libraries were not installed properly
due to quirks of autotools and cargo. Containers as a result
couldn't start in some cases.
Fix Description: Fix this by building rust
libraries as static libs and linking them into existing .so files
instead.
https://pagure.io/389-ds-base/pull-request/50564
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
8474a172 by Mark Reynolds at 2019-08-27T15:13:25Z
Issue 49324 - idl_new fix assert
Description: Remove faulty assert, and retrieve best effort name of index
relates: https://pagure.io/389-ds-base/issue/49324
Reviewed by: tbordaz(Thanks!)
- - - - -
723b88a2 by Anuj Borah at 2019-08-28T10:03:09Z
Issue: 48055 - CI test-(Plugin configuration should throw proper error messages if not configured properly)
CI test-(Plugin configuration should throw proper error messages if not configured properly)
Relates: https://pagure.io/389-ds-base/issue/48055
Author: aborah
Reviewed by: Simon Pichugin
- - - - -
43f7b99c by William Brown at 2019-08-28T23:44:50Z
Ticket 50349 - filter schema validation
Bug Description: 389 Should assert that all attributes in a filter
are present and valid in schema. If there are attributes in a filter
that are not in schema, this can lead to DOS due to fall-back to
un-indexed scans, and it also can mask and cover-up application and
development issues with queries. For example, the referenced case was
caused by IPA mistakenly searching an attribute that can never be
satisfied by ACI/filter. If we warned or rejected filters in this case
we would have quickly communicated to the developer that they had caused
a mistake - feedback, being a vital component of psychology and usability
theory.
This should optionally be allowed to be disabled, due to some sites that
use things like extensibleObject that by nature, bypass and violate schema
checks.
Fix Description: We now have a configuration item that has three levels:
off, warn, on. The idea is that with "on" we'll reject the filter and
won't execute it. "warn", we evaluate the filter, but we map invalid
attributes empty IDL. And "off" we have the "previous" behiavour. We
default to "warn" which is the rfc compliant behaviour.
https://pagure.io/389-ds-base/issue/50349
Author: William Brown <william at blackhats.net.au>
Review by: tbordaz, lkrispen (Thanks!)
- - - - -
0c94f219 by Simon Pichugin at 2019-08-30T14:52:18Z
Issue 50578 - Add SKIP_AUDIT_CI flag for Cockpit builds
Description: Sometimes we need to skip audit-ci check because
we are doing a bisect or just checking older commit.
Process an environment variable SKIP_AUDIT_CI and
if it's set - skip the audit-ci action.
https://pagure.io/389-ds-base/issue/50578
Reviewed by: mreynolds, vashirov (Thanks!)
- - - - -
54ae3dfb by Simon Pichugin at 2019-09-02T14:12:31Z
Issue 50572 - After running cl-dump dbdir/cldb/*ldif.done are not deleted
Description: By default, remove ldif.done files after running cl-dump.
Add an option '-l' which allows keep the files.
Modify 'dsconf replication dump-changelog' command accordingly.
Update man files.
https://pagure.io/389-ds-base/issue/50572
Reviewed by: firstyear, mreynolds (Thanks!)
- - - - -
0a343893 by Simon Pichugin at 2019-09-02T16:16:10Z
Issue 50545 - Port fixup-memberuid and add the functionality to CLI and UI
Description: fixup-memberuid.pl script corrects mismatched member and uniquemember values.
Port to existing CLI tools and add the button (similar to memberOf fixup task) to UI.
https://pagure.io/389-ds-base/issue/50545
Reviewed by: mreynolds, firstyear (Thanks!)
- - - - -
aa17a8f9 by Simon Pichugin at 2019-09-03T15:59:29Z
Issue 50550 - DS installer debug messages leaking to ipa-server-install
Bug Description:
DS installer debug messages are now leaked in the main ipa-server-install output.
This looks as a (very minor) regression, I did not see this text in the past.
Fix Description:
Clean up loging in lib389. Replace 'sepolicy' module with subprocess call
to 'semanage' tool. It is done because 'sepolicy' has verbose output that
appears on 'import'. Instead of developing a tricky workaround, direct
'semange' call was used.
https://pagure.io/389-ds-base/issue/50550
Reviewed by: firstyear, mreynolds, mhonek (Thanks!)
- - - - -
ba425453 by William Brown at 2019-09-03T23:58:43Z
Ticket 50567, 50568 - strict host check disable and display container version
Bug Description: This is a minor fix to disable strict host checking
by default as it causes some installs to unexpectedly fail. We also
display the container version by default to aid future issue reports.
Fix Description: strict host check to false, and print paths.version.
https://pagure.io/389-ds-base/issue/50568
https://pagure.io/389-ds-base/issue/50567
Author: William Brown <william at blackhats.net.au>
Review by: mreynolds (Thanks!)
- - - - -
295ea072 by William Brown at 2019-09-04T00:04:02Z
Ticket 50576 - Same proc uid/gid maps to rootdn for ldapi sasl
Bug Description: In containers the directory server process may
not start as root, and root may not even be accessible. This means
that some local administration is difficult to achieve. By allowing
the running process id to map to rootdn (directory manager), we have
the same effective security, but ease use of some cli tools.
Fix Description: Allow uid/gid to map to root dn
https://pagure.io/389-ds-base/issue/50576
Author: William Brown <william at blackhats.net.au>
Review by: mreynolds (Thanks!)
- - - - -
a096b07c by Mark Reynolds at 2019-09-06T19:42:04Z
Bump version to 1.4.2.0
- - - - -
00403323 by Mark Reynolds at 2019-09-07T11:37:42Z
Issue 50546 - Fix various issues in UI
Description: This patch addresses several issues:
- #50546 - Exports from Cockpit can be stored outside of /var/lib/dirsrv/slapd-instance_name/ldif/
- #50418 - dsctl remove does not cleanup /etc/tmpfiles.d
- #50554 - Cockpit incorrectly shows that a server is in read-only mode
- #49856 - Changing port should adjust selinux labels
- This also enforces a minimum password length for root DN
- Added confirmation modal is you disable LDAPI(and UI)
- Added port verification
- Created new "view" modals for schema instead oi reusing edit forms
- Improved instance creation form validation
- Added a progress bar for doing the initial load of configuration
relates: https://pagure.io/389-ds-base/issue/50546
Reviewed by: spichugi(Thanks!)
- - - - -
4a84f843 by Simon Pichugin at 2019-09-09T07:10:31Z
Issue 50173 - Add the validate-syntax task to the dsconf schema
Description: Perl scripts will be removed. And we should have
the replacement for syntax-validate.pl. We should add the CLI
option to dsconf schema.
Add validate-syntax task subcommand for 'dsconf schema'.
Add a test for syntax validate task
https://pagure.io/389-ds-base/issue/50173
https://pagure.io/389-ds-base/issue/50545
Reviewed by: firstyear (Thanks!)
- - - - -
38d1b0a0 by Simon Pichugin at 2019-09-09T11:53:36Z
Issue 50586 - lib389 - Fix DSEldif long line processing
Description: When dse.ldif has a very long line inthe attribute value,
it puts it to the next line and adds ' '.
We should process it correctly in lib389.
https://pagure.io/389-ds-base/issue/50586
Reviewed by: mreynolds, mhonek (Thanks!)
- - - - -
041f71c2 by Mark Reynolds at 2019-09-09T20:36:20Z
Issue 50546 - fix more UI issues
Description: In schema.js do not reset "ds-input" class's border. In FF
it makes all the field ugly. Also fixed the plugin forms
to be nicer and easier to read
relates: https://pagure.io/389-ds-base/issue/50546
Reviewed by: mreynolds (one line commit rule)
- - - - -
d0c846be by Tibor Dudlák at 2019-09-10T16:22:57Z
Do not use comparision with "is" for empty value
There is a warning with python 3.8 at fedora rawhide about
comparision with "is" while running ipa-server install:
dirsrv_log.py:148: SyntaxWarning: "is not" with a literal. Did you mean "!="
Removing "is not ''" as this should not be needed
to make sure that timedata['nanosecond'] is empty.
Signed-off-by: Tibor Dudlák <tdudlak at redhat.com>
- - - - -
db876c62 by Mark Reynolds at 2019-09-10T19:14:42Z
Issue 50546 - fix more UI issues(part 2)
Description: Fixed minor issues not fully addressed from the last commit
relates: https://pagure.io/389-ds-base/issue/50546
Reviewed by: mreynolds (one line commit rule)
- - - - -
828ebf66 by William Brown at 2019-09-10T23:31:32Z
Ticket 50584, 49212 - docker healthcheck and configuration
Bug Description: Docker is managed by providing values from the
environment. To know if this is ready to make changes to our
local instance, we need to be able to check the instance is
healthy. In addition, docker has a health check process which
can allow monitoring and management of instances as they start.
Fix Description: This provides a healthcheck tool and allows
configuration by the envirnoment for the directory manager
password, and allows indicating via the env to perform a
db2index on startup.
https://pagure.io/389-ds-base/issue/49212
https://pagure.io/389-ds-base/issue/50584
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
00e33315 by Matus Honek at 2019-09-11T11:00:53Z
Issue 50580 - Perl can't be disabled in configure
Bug description:
Due to incorrect use of AC_ARG_ENABLE macro arguments' semantics some
calls like ./configure --disable-* and --enable-*=no worked
unexpectedly like --enable-*=yes.
Fix description:
As this issue affects several ./configure options all were fixed. The
fix uses the fourth argument of the AC_ARG_ENABLE to set the default in
case no option was provided. In case an explicit --disable-* or
--enable-* argument was provided to ./configure the respective $enable_*
variable is implicitly populated by autoconf, hence subsequent
if-else statements take care of additional operations based on the
variable's value.
For the record, some implementations of the options pre-set the default
value before the AC_ARG_ENABLE in case the respective $enable_* variable
has not been set. This is a correct approach, hence left as is.
Resolves: https://pagure.io/389-ds-base/issue/50580
Author: Matus Honek <mhonek at redhat.com>
Review-By: Mark (thanks!)
- - - - -
9e88e197 by Ludwig Krispenz at 2019-09-12T13:51:57Z
Issue 50506 - Fix regression for relication stripattrs
Bug: When parsing the provided attribute value, a reference was used
and modified, the original attribute was corrupted
Fix: Use a copy for parsing
Reviewed by: ?
- - - - -
0caae8aa by Ludwig Krispenz at 2019-09-12T14:42:46Z
Ticket 50593 Investigate URP handling on standalone instance
Bug: If the MMR plugin is enabled (on by default)
even if no replica was configured the MMR plugins were called
and eventually tried to generate cenotaphs for modrdn ops-
Fix: Check early if the operation affects a backend without replication
and return
- - - - -
99f11312 by Sylvie Gouverneyre at 2019-09-13T14:51:48Z
ticket 50510 - etime can contain invalid nanosecond value
Bug Description:
When running the test on upstream backported version, the skipif line has to be manually commented
Fix description :
changed skifif to xfail, the test being written so that it is able to manage the failures.
This is a temporary fix, as the test will have to be modified when bug 1749236 related to this feature will be fixed.
- - - - -
c403a39c by Mark Reynolds at 2019-09-16T19:31:15Z
Issue 50604 - Fix UI validation
Description:
This issue has been opened to track a series of bugzillas that were filed by our QE group during a massive UI testing day. Here are the issues being addressed in this issue:
- Replication agreement disappears from table after browser refresh
- https://bugzilla.redhat.com/show_bug.cgi?id=1751128
- Fix log rotation time validation
- https://bugzilla.redhat.com/show_bug.cgi?id=1751004
- Check backup/ldif name to see if it already exists
- https://bugzilla.redhat.com/show_bug.cgi?id=1751007
- https://bugzilla.redhat.com/show_bug.cgi?id=1751009
- Root DN should not be editable
- https://bugzilla.redhat.com/show_bug.cgi?id=1751011
- Backup should check if there is a database available
- https://bugzilla.redhat.com/show_bug.cgi?id=1751019
- Also fixed backup duplicate timestamp issue
- Fixed instance creation error handing
- https://bugzilla.redhat.com/show_bug.cgi?id=1751026
- Fixed export/inout issues. Check for existing back or ldif
- https://bugzilla.redhat.com/show_bug.cgi?id=1751019
- Validate SSL version min and max
- https://bugzilla.redhat.com/show_bug.cgi?id=1751072
- Can not promte/demote replica
- https://bugzilla.redhat.com/show_bug.cgi?id=1751145
- Database link creation and deletion issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1751157
- Agreement name validation during creation
- https://bugzilla.redhat.com/show_bug.cgi?id=1751165
- Validate referral port
- https://bugzilla.redhat.com/show_bug.cgi?id=1751173
- Fix deleteion of config attributes
- https://bugzilla.redhat.com/show_bug.cgi?id=1751190
There was an overall improvement when creating suffixes/databases on how to initialize them
relates: https://pagure.io/389-ds-base/issue/50604
Reviewed by: spichugi(Thanks!)
- - - - -
4c5a4316 by Thierry Bordaz at 2019-09-17T13:21:05Z
Ticket 50581 - ns-slapd crashes during ldapi search
Bug Description:
Using ldapi, if the length of the socket file path exceeds
46 bytes it triggers a buffer overflow while reseting a connection.
Reset happens at open/close/error.
Fix Description:
Use a buffer sized for a PRNetAddr.local.path (~100bytes)
Use of MAXPATHLEN (4kb) is too much.
https://pagure.io/389-ds-base/issue/50581
Reviewed by: William Brown, Alexander Bokovoy, Mark Reynolds, Simon Pichugi
Platforms tested: F30 (thanks !!)
Flag Day: no
Doc impact: no
- - - - -
2b44a279 by Mark Reynolds at 2019-09-17T14:36:30Z
Bump version to 1.4.2.1
- - - - -
16cf97e1 by Ludwig Krispenz at 2019-09-18T15:13:19Z
Ticket: 50610 memory leak in dbscan
Bug: the latest allocation of a database iteratioj is not freed,
Fix: after the iteration free key/data structs
Reviewed by: Mark, thanks
- - - - -
56ea32d6 by Viktor Ashirov at 2019-09-23T08:00:49Z
Issue 50615 - Log current test name to journald
Bug Description:
Sometimes server crashes during test execution, events about crash are
logged to journald. But it's not easy to tell in which test the crash
happened, especially during the full test run.
Fix Description:
Add a fixture that is used automatically for all tests (if the server is
built with systemd) on setup and teardown, and logs a message to journald
Fixes: https://pagure.io/389-ds-base/issue/50615
Reviewed by: mreynolds (Thanks!)
- - - - -
fce5c6c0 by Mark Reynolds at 2019-09-25T14:49:37Z
Issue 50620 - Fix regressions from 50506 (slapi_enry_attr_get_ref)
Description: Some crashes were found in upstream testing. Needed
to revert slapi_entry_attr_get_ref() back to slapi_entry_attr_get_charptr()
relates: https://pagure.io/389-ds-base/issue/50620
Reviewed by: tbordaz(Thanks!)
- - - - -
4b987b3a by William Brown at 2019-09-26T00:55:53Z
Ticket 50617 - disable cargo lock
Bug Description: We need cargo lock for future offline builds, but
the version of cargo in suse/rhel seems to old to support vendoring.
Fix Description: For now, disable this, and rely on "online" builds
(but we have no/few external deps anyway)
https://pagure.io/389-ds-base/issue/50617
Author: William Brown <william at blackhats.net.au>
Review by: mhonek, mreynolds (thanks!)
- - - - -
28f40a83 by William Brown at 2019-09-26T01:00:25Z
Ticket 50595 - remove syslog.target requirement
Bug Description: Syslog.target is removed in newer systemd versions.
Fix Description: Remove the target because it's no longer relevant.
https://pagure.io/389-ds-base/issue/50595
Author: William Brown <william at blackhats.net.au>
Review by: mhonek (Thanks)
- - - - -
54df38ee by William Brown at 2019-09-26T01:12:06Z
Ticket 50622 - ds_selinux_enabled may crash on suse
Bug Description: SUSE doesn't have the python-selinux module by
default, so this tool crashes as it can't find the python
module for import.
Fix Description: ATtempt to import the library, and on failure
return false for enabled.
https://pagure.io/389-ds-base/issue/50622
Author: William Brown <william at blackhats.net.au>
Review by: mhonek (Thanks!)
- - - - -
761dd658 by Simon Pichugin at 2019-09-26T07:13:26Z
Issue 50545 - Port repl-monitor.pl to lib389 CLI
Description: Add a new command to 'dsconf replication' CLI.
'dsconf replication monitor' generates a report which
shows the replication topology to which the instance does belong.
Additional arguments:
-c or --connections [CONNECTION [CONNECTION ...]]
The connection values for monitoring other not
connected topologies. The format:
'host:port:binddn:bindpwd'. You can use regex for host
and port. You can set bindpwd to * and it will be
requested at the runtime or you can include the path
to the password file in square brackets - [~/pwd.txt]
-a or --aliases [ALIAS [ALIAS ...]]
If a host:port is assigned an alias, then the alias
instead of host:port will be displayed in the output.
The format: alias=host:port
Also, ~/.dsrc can be used for specifying the connections and aliases.
[repl-monitor-connections]
connection1 = server1.example.com:38901:cn=Directory manager:*
connection2 = server2.example.com:38902:cn=Directory manager:[~/pwd.txt]
connection3 = hub1.example.com:.*:cn=Directory manager:password
[repl-monitor-aliases]
M1 = server1.example.com:38901
M2 = server2.example.com:38902
https://pagure.io/389-ds-base/issue/50545
Reviewed by: mreynolds (Thanks!)
- - - - -
d41ef935 by Viktor Ashirov at 2019-09-26T07:59:15Z
Issue 50627 - Add ASAN logs to HTML report
Bug Description:
ASAN-enabled server generates error logs, it would be nice to collect
them and identify tests that caused the error.
Fix Description:
Add a hook for pytest-html plugin to add logs generated by ASAN to the
html report. After test is done, these logs will be rotated.
Fixes: https://pagure.io/389-ds-base/issue/50627
Reviewed by: mreynolds (Thanks!)
- - - - -
11bb10ff by Mark Reynolds at 2019-09-26T13:43:18Z
bump version to 1.4.2.2
- - - - -
2e85b4a3 by Mark Reynolds at 2019-09-27T21:23:49Z
Issue 50499 - Fix npm audit issues
Description; Updated npm handlebars package
relates: https://pagure.io/389-ds-base/issue/50499
- - - - -
205778fc by William Brown at 2019-10-01T23:26:40Z
Ticket 50619 - extend commands to have more modify options
Bug Description: Extend dsidm to support modifying more types of
entries.
Fix Description: Can now modify groups, posixgroup, ou and others
from the cli without an ldifmodify
https://pagure.io/389-ds-base/issue/50619
Author: William Brown <william at blackhats.net.au>
Review by: spichugi (Thanks!)
- - - - -
e0492360 by William Brown at 2019-10-01T23:33:55Z
Ticket 50632 - Add ensure attr state so that diffs are easier from 389-ds-portal
Bug Description: We did not have a stateful attribute update system.
Fix Description: Add a stateful attribute update that asserts attributes
and values are in a known state, and updates in a single modification if not.
https://pagure.io/389-ds-base/pull-request/50632
Author: William Brown <william at blackhats.net.au>
Review by: mreynolds (Thanks!)
- - - - -
52f2b0db by Thierry Bordaz at 2019-10-07T13:10:42Z
Ticket 50636 - Crash during sasl bind
Bug Description:
Sasl bind registers IO layers (sasl_IoMethods) that will be
pushed (and called) by the next incoming operation.
So the next incoming operation should synchronize itself
with the sasl bind.
Fix Description:
The call to connection_call_io_layer_callbacks, that pushes
registered methods, must hold c_mutex so that it let
a pending sasl bind to fully register the methods.
https://pagure.io/389-ds-base/issue/50636
Reviewed by: Ludwig Krispenz, Mark Reynolds
Platforms tested: F28
Flag Day: no
Doc impact: no
- - - - -
1ac74076 by Viktor Ashirov at 2019-10-08T06:49:19Z
Issue 50638 - RecursionError: maximum recursion depth exceeded while calling a Python object
Bug Description:
DSLdapObject has an overridden `__getattr__` method. In case the requested
attribute doesn't exist, `getattr()` goes into an infitite recursive loop,
only to be interrupted by a `RecursionError` exception.
`rename()` method has one such lookup for a non-existent attribute,
and it's not used at all.
Fix Description:
* Restore the default behaviour of `getattr()` when attribute doesn't exist.
* Remove unneeded attribute lookup in `rename()`.
Fixes: https://pagure.io/389-ds-base/issue/50638
Reviewed by: mreynolds, mhonek, firstyear (Thanks!)
- - - - -
f6bd667d by Anuj Borah at 2019-10-09T10:09:34Z
Issue: 48851 - investigate and port TET matching rules filter tests(indexing more test cases)
Bug Description: Investigate and port TET matching rules filter tests(indexing more test cases)
Relates: https://pagure.io/389-ds-base/issue/48851
Author: aborah
Reviewed by: Simon Pichugin
- - - - -
b7d11180 by Ludwig Krispenz at 2019-10-10T08:57:02Z
Ticket - 50349 - additional fix: filter schema check must handle subtypes
Bug: if the filter did contain an attribute with a subtype eg givenname;lang-de
then the schema lookup failed.
Fix: The subtype needs to be removed befor asi lookup
Reviewed by: William, Thiery, Mark - thanks
- - - - -
94c74015 by Ludwig Krispenz at 2019-10-10T11:35:26Z
Ticket 49476 - refactor ldbm backend to allow replacement of BDB
BACKEND REDESIGN -Phase 1
This patch provides the first phase of the backend redesign. It does
split the configuration of the LDBM layer and the DB specific layer.
The dblayer_private defines a set of functions to be used by the LDBM
layer and to be implemented by the DB layer.
Currently this is only done for the BDB implementation, the patch automatically
splits the configuration for existing instances
See also:
http://www.port389.org/docs/389ds/design/backend-redesign.html
- - - - -
c8ac6fca by Ludwig Krispenz at 2019-10-10T11:35:26Z
Ticket 49476 - backend refactoring phase1, fix failing tests
this patch fixes a couple of failing tests
- passwordpolicy, failing sometimes, with and without backend patch,
adding a sleep makes it pass
- ticket48906 - check did look for backend config params in the (now)
wrong entry
- ticket48252 - incorrect parameters passed to db2index, which only
had effect with th enew backend code
- ticket49076 - bug in bdb_config code, fixe
- - - - -
6377bc78 by William Brown at 2019-10-11T01:10:13Z
Ticket 50627 - Support platforms without pytest_html
Bug Description: On systems without pytest_html the conftest
hook would cause tests to fail
Fix Description: If pytest_html is none, don't write the report
to avoid the failure.
Fixes: https://pagure.io/389-ds-base/issue/50627
Author: William Brown <william at blackhats.net.au>
Review by: vashirov
- - - - -
c95f6cfb by Barbora Smejkalova at 2019-10-11T11:48:58Z
Add new test suite to test migration between RHDS versions
Description:
Created migration test suite, which will be used with ansible for testing import/export
and replication method between RHDS versions. These tests can be executed only in specific
test environment and therefore will be skipped in normal test run.
Reviewed by: vashirov, firstyear (Thanks!)
- - - - -
7a0a090c by Mark Reynolds at 2019-10-16T18:56:46Z
Issue 50646 - Improve task handling during shutdowns
Bug Description: There is a race condition when stopping the server and
a running import task that can cause a heap-use-after-free.
Fix Description: For an import task, encapsulate the import thread with
a global thread increment/decrement (just like the export
task). Also improved how tasks are notified to abort by
notifiying them before we wait for active threads to finish.
Then the tasks get destroyed after all threads are complete.
relates: https://pagure.io/389-ds-base/issue/50646
Reviewed by: lkrispen & tbordaz (Thanks!!)
- - - - -
cc1c946b by Mark Reynolds at 2019-10-16T19:07:57Z
Issue 50653 - objectclass parsing fails to log error message text
Description: When replacing an objectclass, if it already exists we
log an error but we do not log what objectclass it is.
This commit adds the error message text.
relates: https://pagure.io/389-ds-base/issue/50653
Reviewed by: abbra(Thanks!)
- - - - -
225f4e17 by Mark Reynolds at 2019-10-16T21:00:05Z
Issue 50655 - access log etime is not properly formatted
Description: The wrong printf format was used for displaying the nanosecond etime
in the access log.
relates: https://pagure.io/389-ds-base/issue/50655
Reviewed by: firstyear(Thanks!)
- - - - -
fc476208 by Mark Reynolds at 2019-10-16T23:50:04Z
Issue 49850 - ldbm_get_nonleaf_ids() slow for databases with many non-leaf entries
Bug Description: The logs from an LDIF import indicated that gathering non-leaf IDs
for creating the ancestorid index took an enormous amount of time,
over 10hrs. The root cause is that the parentid index btree ordering
is lexical, but the IDList being built up from it is sorted numerically.
In the existing code, the IDList is maintained in constantly sorted
order by idl_insert().
Fix Description: ldbm_get_nonleaf_ids() switches to idl_append_extend() instead idl_insert()
for building up the IDList and then sorts the result only once, using
qsort with idl_sort_cmp, after the entire list has been gathered.
The improvement on identical hardware is for the operation to take 10
seconds rather than 10 hours
Patch Author: Thomas Lackey <telackey at bozemanpass.com> Thanks for the great contribution!!!
relates: https://pagure.io/389-ds-base/issue/49850
Reviewed by: mreynolds, tbordaz, and firstyear (Thanks!)
- - - - -
2f5daa79 by Sylvie Gouverneyre at 2019-10-17T08:10:26Z
Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request"
Bug Description:
When a search fails because it requests more than one empty attribute,
the search base DN is always logged as "(null)".
Fix Description:
The search base DN for the failed search request is logged.
This commit includes the automated test to verify the correct behavior.
Fixes https://pagure.io/389-ds-base/issue/50428
Relates: https://pagure.io/389-ds-base/issue/49969
Author: Sylvie Gouverneyre
Reviewed by: Viktor Ashirov, Simon Pichugin, Thierry Bordaz
- - - - -
166a594c by Anuj Borah at 2019-10-17T09:27:45Z
Issue: 48851 - Investigate and port TET matching rules filter tests(match more test cases)
Bug Description: Investigate and port TET matching rules filter tests(match more test cases)
Relates: https://pagure.io/389-ds-base/issue/48851
Author: aborah
Reviewed by: Simon Pichugin
- - - - -
a2e3c02e by Simon Pichugin at 2019-10-18T06:00:06Z
Issue 50634 - Clean up CLI errors output
Description: CLI tools should print human easy readable messages
if something went wrong.
As discussed here: https://pagure.io/389-ds-base/pull-request/50624
Change the CLI error processing so the dict type is always transformed.
https://pagure.io/389-ds-base/issue/50634
Reviewed by: mreynolds, mhonek (Thanks!)
- - - - -
1563a9d8 by Viktor Ashirov at 2019-10-18T13:58:16Z
Issue 50660 - Build failure on Fedora 31
Bug Description:
node-sass v4.11 is not compatible with nodejs-12 that is shipped with
Fedora 31.
Fix Description:
Bump node-sass version to v4.12
Relates/Fixes: https://pagure.io/389-ds-base/issue/50660
Reviewed by: ???
- - - - -
abc6f165 by Simon Pichugin at 2019-10-21T16:25:20Z
Issue 50634 - Clean up CLI errors output - Fix wrong exception
Description: The previous commit takes care only about ValueError
evaluation. But it is possible that other exceptions will be raised
which will result in a wrong error output.
Make the exception object more general.
https://pagure.io/389-ds-base/issue/50634
Reviewed by: ?
- - - - -
52b3eb0f by Ludwig Krispenz at 2019-10-24T12:07:45Z
Ticket 49850 cont -fix crash in ldbm_non_leaf
Bug: if the ldif to be imported contains only one entry there are no leaf nodes
and the call to qsort crashes
Fix: check that nodes is not NULL
- - - - -
44e92dc8 by William Brown at 2019-10-25T02:34:26Z
Ticket 50669 - remove nunc-stans
Bug Description: We have been attempting to modernise our
connection code for a long time - one attempt was nunc-stans.
However after a series of attempts to integrate it, and multiple
failures we discussed this in the listed email thread and decided
to remove this.
https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org/thread/3JRQQRIPOVDLLRD2QMF2PWNHJGZFUDCC/
Fix Description: rm -r src/nunc-stans
https://pagure.io/389-ds-base/issue/50669
Author: William Brown <william at blackhats.net.au>
Review by: mreynolds (Thanks!)
- - - - -
30ae2d70 by Viktor Ashirov at 2019-10-25T19:59:51Z
Issue 50669 - Fix RPM build
Bug Description:
rpm build fails due to missing libnunc-stans.so:
```
RPM build errors:
File not found: /workspace/ds/rpmbuild/BUILDROOT/389-ds-base-1.4.2.2-20191025git44e92dc8b.fc30.x86_64/usr/lib64/dirsrv/libnunc-stans.so.*
make: *** [rpm.mk:115: rpms] Error 1
```
Fix Description:
Update 389-ds-base.spec file
Relates: https://pagure.io/389-ds-base/issue/50669
- - - - -
5e338e97 by Mark Reynolds at 2019-10-30T13:00:52Z
Issue 50677 - Map subtree searches with NULL base to default naming context
Description:
The Root DSE entry is retreived by using a empty/NULL search base, and a
search scope of "BASE". According to the RFCs these are the exact requirements
for returning the Root DSE, but it does not dictate what you must do if
a different search scope is used. In DS we will return NO_SUCH_OBJECT if
the scope is ONE or SUBTREE. In AD it will use the default suffix in this
case.
To be more compatible AD, specifically global catalog, 389 should also return
the default naming context for a non-Root DSE search(a NULL suffix with a
scope of ONE, or SUBTREE).
relates: https://pagure.io/389-ds-base/issue/50677
Reviewed by: firstyear(Thanks!)
- - - - -
8166d834 by Anuj Borah at 2019-10-30T14:26:13Z
Issue: 48055 - CI test - automember_plugin(part1)
CI test - automember_plugin(part1) and add nsAdminGroup
Relates: https://pagure.io/389-ds-base/issue/48055
Fixes: https://pagure.io/389-ds-base/issue/50515
Author: aborah
Reviewed by: Simon Pichugin, Mark Reynolds, Viktor Ashirov
- - - - -
d400bc1d by Matus Honek at 2019-10-31T11:19:23Z
Issue 50669 - Remove nunc-stans in favour of reworking current conn code (add.)
Bug Description:
There are a bit more pieces that should be removed for the ticket.
Fix Description:
Remove some additional code. Some documentation still left in place for
reference.
Relates https://pagure.io/389-ds-base/issue/50669
Author: Matus Honek <mhonek at redhat.com>
Review by: mreynolds, firstyear (thanks!)
- - - - -
3f4f52a7 by Viktor Ashirov at 2019-10-31T13:56:13Z
Issue 50680 - Remove branding from upstream spec file
Bug Description:
Branding logic is triggered in EPEL builds. We should not have it in
upstream as it should be applied in the downstream only.
Fix Description:
Remove branding.
Fixes: https://pagure.io/389-ds-base/issue/50680
Reviewed by: mreynolds (Thanks!)
- - - - -
5e48e9f4 by Mark Reynolds at 2019-10-31T20:53:07Z
Issue 50592 - Port Replication Tab to ReactJS
Description: Ported the replication tab to React. Made many
other improvements throughout the UI:
- Protected "Treeviews" by disable/enable as components are relaoded
- Add a new Double Confirmation Modal/Popup
- Added a script (buildAndWatch.sh) for faster/more convenient developing
- Added a new RUV fucntion for the CLI, and made other lib389 improvements:
- Added support for not only "dc" suffixes, but also "o", "ou", and "cn"
relates: https://pagure.io/389-ds-base/issue/50592
Reviewed by: spichugi(Thanks!)
- - - - -
12991435 by Mark Reynolds at 2019-11-03T20:38:11Z
Bump version to 1.4.2.3
- - - - -
5202ad8b by Simon Pichugin at 2019-11-04T21:15:43Z
Issue 50499 - Fix npm audit issues
Description: Updated npm handlebars package to 4.4.5
relates: https://pagure.io/389-ds-base/issue/50499
- - - - -
cc8bfec0 by William Brown at 2019-11-05T05:00:37Z
Ticket 50633 - Add cargo vendor support for offline builds
Bug Description: At suse/rh we need to be able to build offline. To
achieve this we need offline builds. This adds support for these in
389-ds with cargo and rust.
Fix Description:
This adds cargo vendor support for offline builds,
and shows that they work. We add a stub library for librslapd/libslapd
so that we can begin to develop features in rust.
To build normally: work as usual.
To build offline: make -f rpm.mk download-cargo-dependencies
./configure --enable-rust --enable-rust-offline
Continue to build as usual.
A note to keep in mind is cargo test does not work offline as
dev-dependencies are not vendored.
The download-cargo-dependencies has been added to dist-bz2 for
distributions.
https://pagure.io/389-ds-base/pull-request/50633
Author: William Brown <william at blackhats.net.au>
Review by: mhonek (Thanks)
- - - - -
f701d18f by Matúš Honěk at 2019-11-06T14:31:20Z
Issue 50199 - Disable perl by default
Bug Description:
Setting PERL_ON=0 in 389-ds-base.spec.in still builds with Perl
due to the fix in PR #50200.
Fix Description:
Introduce use_legacy in SPEC file (dropping use_perl for clarity), and
keep logic for *perl* flags in other layers for compatibility and
add *legacy* flags to encapsulate the additional changes that need to
be done to which files are being installed when building with/without Perl.
Relates https://pagure.io/389-ds-base/issue/50199
Relates https://pagure.io/389-ds-base/pull-request/50200
Author: Matus Honek <mhonek at redhat.com>
Review by: mreynolds, firstyear, vashirov (thanks!)
- - - - -
1747f910 by Mark Reynolds at 2019-11-06T16:08:50Z
Issue 50689 - Failed db restore task does not report an error
Bug Description: If you have a back up that contains a backend that
is not configured the restore fails, but a success
return code is returned to the client. This happens
becuase the return code gets overwritten after the
failure.
Fix Description: Preserve the error code upon failure and properly update
the task exit code.
relates: https://pagure.io/389-ds-base/issue/50689
Reviewed by: tboardaz & lkrispen(Thanks!!)
Never rewrite the orginal error code
- - - - -
83d41432 by William Brown at 2019-11-07T00:44:33Z
Ticket 50007, 50648 - improve x509 handling.
Bug Description: certutil and nssdb have fallen from favour
and are really not easy to use. Most admins are used to PEM
files and much easier TLS management.
Fix Description: Add some basic and simple wrappers to support
a set of common operations such as listing TLS certs, making a CSR
and importing PEM files - including from services like let's encrypt
https://pagure.io/389-ds-base/issue/50007
https://pagure.io/389-ds-base/pull-request/50648
Author: William Brown <william at blackhats.net.au>
Review by: spichugi, mreynolds (Thanks!)
- - - - -
5a26d545 by William Brown at 2019-11-07T00:56:13Z
Ticket 50641 - Update default aci to allows users to change their own password
Bug Description: The default acis were too restrictive - we do want
people to be able to self change passwords by default!
Fix Description: Fix the default aci's and add tests to prove they behave
as we actually expect.
https://pagure.io/389-ds-base/pull-request/50641
Author: William Brown <william at blackhats.net.au>
Review by: vashirov
- - - - -
a3d876fa by William Brown at 2019-11-07T00:56:13Z
Update to mark as skipif
- - - - -
6dcf4067 by William Brown at 2019-11-07T01:35:21Z
Update based on Marks feedback
- - - - -
21f2a06c by Mark Reynolds at 2019-11-08T21:57:32Z
Issue 50696 - Fix various UI bugs
https://bugzilla.redhat.com/show_bug.cgi?id=1751004
Bug 1751004 - Log Settings "Create New Log Every" takes non integer as input, it even takes alphabets
https://bugzilla.redhat.com/show_bug.cgi?id=1748349
Bug 1748349 - 'View objectclass' modal dialog doesn't have all controls disabled
https://bugzilla.redhat.com/show_bug.cgi?id=1688614
Bug 1688614 - Chaining Configuration Error: Cockpit had an unexpected internal error
https://bugzilla.redhat.com/show_bug.cgi?id=1748355
Bug 1748355 - LDAPI and Autobind configuration should have a warning
https://bugzilla.redhat.com/show_bug.cgi?id=1751157
Bug 1751157 - Cannot Create Database Link
https://bugzilla.redhat.com/show_bug.cgi?id=1751011
Bug 1751011 - DS instance can be easily destroyed by changing non existing Directory Manager DN
https://bugzilla.redhat.com/show_bug.cgi?id=1688663
Bug 1688663 - Cockpit: Enable Replication failed with error "Failed to add replication manager because the base DN of the entry does not exist"
https://bugzilla.redhat.com/show_bug.cgi?id=1751035
Bug 1751035 - Allow and Deny same Ciphers same time
relates: https://pagure.io/389-ds-base/issue/50696
Reviewed by: spichugi(Thanks!)
- - - - -
66a21bfc by Matus Honek at 2019-11-11T14:05:43Z
Issue #50683 - Makefile.am contains unused RPM-related targets
Bug Description:
Makefile.am contains some targets very similar to the ones in rpm.mk but
most likely unused by anyone and also untouched recently unlike the
rpm.mk ones.
Fix Description:
Remove the targets for cleanness and reducing confusion.
Fixes https://pagure.io/389-ds-base/issue/50683
Author: Matus Honek <mhonek at redhat.com>
Review by: firstyear, mreynolds (thanks!)
- - - - -
15789e89 by Viktor Ashirov at 2019-11-12T10:11:27Z
Issue 49761 - Fix CI test suite issues
Description:
Fix various test issues on RHEL7 and RHEL8:
* systemd on RHEL7 doesn't have --value option.
Drop --value option and parse the output manually.
* Use newer BDB config only on 1.4.2+.
* Skip tests/suites/password/pbkdf2_upgrade_plugin_test.py on <1.4.1.
* Unhashed passwords are not logged by default only on 1.4.1.6+.
* String literal comparison doesn't work with double digits,
i.e. '1.3.10.1' > '1.3.2.1' returns False.
Use packaging.version to compare versions.
* Don't use nsAccount objectClass on versions <=1.4.x.
* Update skipif/xfail version to match downstream versions too.
Relates: https://pagure.io/389-ds-base/issue/49761
Reviewed by: firstyear (Thanks!)
- - - - -
7a7bc787 by Viktor Ashirov at 2019-11-12T11:56:10Z
Issue 50706 - Missing lib389 dependency - packaging
Description:
In 15789e8 I introduced a new dependency for lib389, thinking it's part
of python's standard library, but it's not. We need to explicitly
mention it in the spec file, requirements.txt and setup.py.
Fixes: https://pagure.io/389-ds-base/issue/50706
Reviewed by: mhonek (Thanks!)
- - - - -
2b8750d6 by Viktor Ashirov at 2019-11-12T17:21:30Z
Issue #50712 - Version comparison doesn't work correctly on git builds
Bug Description:
```
>>> get_ds_version()
'1.4.2.3.20191112git7a7bc7872'
>>> ds_is_older('1.4.0')
True
```
This happens because packaging.version returns a different object for
'1.4.2.3.20191112git7a7bc7872' (LegacyVersion) than for '1.4.0'
(Version).
And during comparison Version is always higher:
```
>>> x = Version('1.0')
>>> y = LegacyVersion('2.0')
>>> x > y
True
```
Fix Description:
Always use LegacyVersion during comparison
Fixes: https://pagure.io/389-ds-base/issue/50712
Reviewed by: tbordaz (Thanks!)
- - - - -
fb3d3559 by Barbora Smejkalova at 2019-11-13T10:14:05Z
Issue 50536 - After audit log file is rotated, DS version string is logged after each update
Description:
Created test case, which checks if DS version string is present only once
at the top of the audit log after it is rotated.
Relates: https://pagure.io/389-ds-base/issue/50536
Reviewed by: spichugi (Thanks!)
- - - - -
ddbe3c8f by Mark Reynolds at 2019-11-13T17:34:54Z
Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes
Bug Description: If there is an ACI that allows "search" access to an attribute,
the deref plugin access control checks sees this is a "read"
privilege and returns the attribute's value.
Fix description: For deref plugin we are only concerned with "read" access, not
"search" access. Removed the SLAPI_ACL_SEARCH right flag when
checking access for an attribute.
relates: https://pagure.io/389-ds-base/issue/50716
Reviewed by: lkrispen & tbordaz(Thanks!)
- - - - -
0493b01b by Mark Reynolds at 2019-11-13T21:00:18Z
Issue 50699 - Add Disk Monitor to CLI and UI
Description: Add the disk monitoring to the CLI and UI
relates: https://pagure.io/389-ds-base/issue/50699
Reviewed by: spichugi(Thanks!)
- - - - -
f90077f5 by Mark Reynolds at 2019-11-14T00:10:46Z
Issue 50644 - fix regression with creating sample entries
Bug Description: The previous commit for this issue missed how the aci's
were were being adjusted for each type of different
suffix rdn.
Fix Description: I just moved the aci creation into the base object
creation code where all the info needed was readily
available.
relates: https://pagure.io/389-ds-base/issue/50644
Reviewed by: firstyear(Thanks!)
- - - - -
334ba3fb by Viktor Ashirov at 2019-11-14T13:22:40Z
Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes
Description:
Add test case
Author: Mark Reynolds
Relates: https://pagure.io/389-ds-base/issue/50716
- - - - -
b77f04af by Ludwig Krispenz at 2019-11-14T15:14:00Z
Ticket 50659 AddressSanitizer: SEGV ... in bdb_pre_close
Bug: The crash reported is caused by calling dblayer_close twice in some
offline exec modes. Investigating the crash revealed another crash
in dbverify and memory leaks, one introduced by the backend
patch, two existing previously
Fix: - call dblayer_close only once
- initialize db env properly in dbverify execmode
- don't set sdn by reference when adding to entrydncache
- free collected instances from commandline in dbupgrade mode
- free bdb env in index mode
Reviewed by: William
- - - - -
1b277fb2 by Simon Pichugin at 2019-11-14T16:24:00Z
Issue 50634 - Fix CLI error parsing for non-string values
Bug Description: Sometimes the error message has int values and
it makes ' - '.join() function to fail.
Fix Description: Use a list comprehension to change the dict values to str.
https://pagure.io/389-ds-base/issue/50634
Reviewed by: ?
- - - - -
e7f0ec9e by Viktor Ashirov at 2019-11-14T18:22:33Z
Issue 49761 - Fix CI test suite issues
Description:
Fix few more issues around version detection.
Relates: https://pagure.io/389-ds-base/issue/49761
Reviewed by: mreynolds (Thanks!)
- - - - -
c881f6ec by Mark Reynolds at 2019-11-14T21:05:32Z
Bump version to 1.4.2.4
- - - - -
21 changed files:
- + .cargo/config
- .gitignore
- Makefile.am
- README.md
- VERSION.sh
- configure.ac
- dirsrvtests/conftest.py
- + dirsrvtests/tests/stress/search/__init__.py
- + dirsrvtests/tests/stress/search/simple.py
- dirsrvtests/tests/suites/acl/acivattr_test.py
- + dirsrvtests/tests/suites/acl/default_aci_allows_self_write.py
- dirsrvtests/tests/suites/acl/roledn_test.py
- + dirsrvtests/tests/suites/automember_plugin/basic_test.py
- + dirsrvtests/tests/suites/automember_plugin/configuration_test.py
- + dirsrvtests/tests/suites/backups/backup_test.py
- dirsrvtests/tests/suites/basic/basic_test.py
- dirsrvtests/tests/suites/config/autotuning_test.py
- dirsrvtests/tests/suites/config/config_test.py
- dirsrvtests/tests/suites/cos/cos_test.py
- + dirsrvtests/tests/suites/disk_monitoring/disk_space_test.py
- dirsrvtests/tests/suites/ds_logs/ds_logs_test.py
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/compare/5ac5a8aadd42551ea0389907fd286b7d60157685...c881f6ec028d8c6b7efa7c5924e52ea037fac686
--
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/compare/5ac5a8aadd42551ea0389907fd286b7d60157685...c881f6ec028d8c6b7efa7c5924e52ea037fac686
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20191126/e47d9c4f/attachment-0001.html>
More information about the Pkg-freeipa-devel
mailing list