[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][upstream] 54 commits: Bump version to 1.4.4
Timo Aaltonen
gitlab at salsa.debian.org
Tue Jun 2 09:36:16 BST 2020
Timo Aaltonen pushed to branch upstream at FreeIPA packaging / 389-ds-base
Commits:
5fc54f43 by Mark Reynolds at 2020-04-16T10:30:38-04:00
Bump version to 1.4.4
- - - - -
db6cd237 by Mark Reynolds at 2020-04-20T10:24:13-04:00
Issue 51031 UI - transition between two instances needs improvement
Bug Description: When you switch between instances in the UI, there is
no loading page, there is a long wait before the dropdown
menu changes, and it does not refresh the page content
(it still contains the previous instance's data).
Fix Description: Set the "loading" flag and the serverId right away when
instance is changed. Then we set the tab component's
key to the server ID so the content is automatically
refreshed.
fixes: https://pagure.io/389-ds-base/issue/51031
Reviewed by: spichugi(Thanks!)
- - - - -
e6023cab by Thierry Bordaz at 2020-04-21T15:20:51+02:00
Ticket 51035 - Heavy StartTLS connection load can randomly fail with err=1
Bug Description:
startTls pushes a network layer on top of the connection.
So when processing startTLS, there should not be a pending operation
else there is a risk that the operation sends back data on moving
network layer.
When startTls detects a pending operation it aborts startTls.
However if a new operation is received while processing startTls,
the operation is pending but can not be read because startTls
holds c_mutex.
Fix Description:
In case of unread pending operation, relax the control
and just log an information message.
https://pagure.io/389-ds-base/issue/51035
Reviewed by: Mark Reynolds, William Brown
Platforms tested: F30
Flag Day: no
Doc impact: no
- - - - -
fe8547bc by Anuj Borah at 2020-04-22T13:27:16+05:30
Issue: 48055 - CI test - automember_plugin(part3)
Bug Description: CI test - automember_plugin(part3)
Relates: https://pagure.io/389-ds-base/issue/48055
Author: aborah
Reviewed by: Viktor Ashirov
- - - - -
3ca89e31 by Mark Reynolds at 2020-04-22T08:41:45-04:00
Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now
Bug Description: There are several issues with using /dec/shm/disrv/
for the db home directory. Cantainers have issues,
and system reboots can cause issues too.
Fix Description: Using just /dev/shm/slapd-INST solves all the permission
issues, but that requires a new selinux label, so
for now we will just set the db home directory to the
database directory (effectively disabling the change).
relates: https://pagure.io/389-ds-base/issue/49731
Reviewed by: firstyear & tbordaz(Thanks!)
- - - - -
69a389e0 by Thierry Bordaz at 2020-04-22T15:22:37+02:00
Ticket 50877 - task to run tests of csn generator
Bug Description:
It exists a test of csn generator (csngen_test()).
It is not called from any function.
Fix Description:
register a task container 'cn=csngen_test,cn=tasks,cn=config"
that calls the test function
https://pagure.io/389-ds-base/issue/50877
Reviewed by: William Brown (Thanks !)
Platforms tested: F30
Flag Day: no
Doc impact: no
- - - - -
8635444b by root at 2020-04-22T17:57:05+02:00
Ticket 51024 - syncrepl_entry callback does not contain attributes added by postoperation plugins
Bug: Changes by internal operations were not handled by the sync repl plugin
Fix: Register sync repl postop functions also for internal ops
Reviewed by: xAThierry, thanks
- - - - -
2333d75d by Mark Reynolds at 2020-04-22T14:29:43-04:00
Bump version to 1.4.4.1
- - - - -
05f86617 by Simon Pichugin at 2020-04-24T14:50:01+02:00
Issue 51027 - Test passwordHistory is not rewritten on a fail attempt
Description: Add a test that check that "passwordHistory" attribute
for a user doesn't get updated if a password change fails due to
password repetition.
Add a fixture for the test user and its ACI.
https://pagure.io/389-ds-base/issue/51027
Reviewed by: tbordaz (Thanks!)
- - - - -
326be2c9 by Mark Reynolds at 2020-04-24T10:12:56-04:00
Issue 50545 - Port dbgen.pl to dsctl
Description: Ported the main features to lib389 and added some other useful features:
Now there are several LDIFs that can be created:
- User LDIFs (different types)
- Group LDIFs
- COS LDIFs
- Role LDIFs
- Modification LDIFs
- Nested LDIFs
Design Doc: https://www.port389.org/docs/389ds/design/dbgen-design.html
fixes: https://pagure.io/389-ds-base/issue/50545
Reviewed by: firstyear & spichugi(Thanks!!)
Fix various issue and improve ldif file validation
Add summary of settings to output, and set the default location of user/nested LDIF to be in the server's LDIF directory
- - - - -
53e9d9f9 by Mark Reynolds at 2020-04-24T12:35:38-04:00
Issue 50499 - fix npm audit issues
Description: Fix npm audit amd update npm packages
relates: https://pagure.io/389-ds-base/issue/50499
Reviewed by: spichugi(Thanks!)
- - - - -
0f446a54 by Mark Reynolds at 2020-04-24T12:40:47-04:00
Issue 51047 - React deprecating ComponentWillMount
Description: ComponentWillMount has been deemed as unsafe, switching to
ComponentDidMount is the preferred solution and does not
seem to affect the UX.
Fixes: https://pagure.io/389-ds-base/issue/51047
Reviewed by: spichugi(Thanks!)
- - - - -
1b8a6be1 by Viktor Ashirov at 2020-04-29T15:46:08+02:00
Issue 49761 - Fix CI tests
Description:
* Update pytest markers
* Fix changelog test on EL8
* Fix race conditions in pwdPolicy_warning_test, pwdPolicy_attribute_test, rootdn_plugin_test
* Increase a timeout for check_ruv()
* Use appropriate default password storage scheme on older versions
* Remove nsUniqueId from the expected attributes if search is done on rootdse
* Add missing __init__.py for the test suites
Relates: https://pagure.io/389-ds-base/issue/49761
Reviewed by: spichugi (Thanks!)
- - - - -
13f8dc7b by Mark Reynolds at 2020-04-29T13:25:43-04:00
Issue 51054 - AddressSanitizer: heap-buffer-overflow in ldap_utf8prev
Bug Description: Adding an invalid/double equal sign when setting the
target/targetattr/targetfilter will cause a heap "underflow":
targetfilter=="(uid=*)"
Fix description: Detect and reject these invalid ACI syntaxes before we
"underflow". Simply check if the character after the first
equal sign is a double quote, as that is the only possible
next valid character in a valid ACI.
fixes: https://pagure.io/389-ds-base/issue/51054
Reviewed by: firstyear(Thanks!)
- - - - -
c7da66eb by Mark Reynolds at 2020-04-29T17:00:33-04:00
Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now
Description: Also need to undo the change for setup-ds.pl
relates: https://pagure.io/389-ds-base/issue/49731
- - - - -
da12b98c by Sylvie Gouverneyre at 2020-04-30T09:34:13+00:00
Issue 50655 - etime displayed has an order of magnitude 10 times smaller than it should be
Description:
Time value in nanoseconds displayed in the access log was 10 times lower than the actual value.
This test is intented to verify the fix for this problem.
Relates https://bugzilla.redhat.com/show_bug.cgi?id=1749236
Author: sgouvern
Review by: firstyear, spichugi
- - - - -
3def54de by Mark Reynolds at 2020-05-01T09:40:28-04:00
Issue 51051 - CLI fix consistency issues with confirmations
Description: The remove-all feature of dsctl uses different confirmation
prompt than "dsctl remove". To fix this the "countdown" style
confirmation was moved to "remove_all", as "dsctl INST remove"
already had an additional argument.
Also cleaned up unused imports other various bugs found by my
IDE.
relates: https://pagure.io/389-ds-base/issue/51050
Reviewed by: firstyear(Thanks!)
- - - - -
1cff0fb3 by Mark Reynolds at 2020-05-01T09:54:23-04:00
Issue 51064 - Unable to install server where IPv6 is disabled
Description: When checking if a port is available, first attempt to
create a socket using AF_INET6, if that fails then use
AF_INET
relates: https://pagure.io/389-ds-base/issue/51064
Reviewed by: firstyear(Thanks!)
- - - - -
3548738f by Mark Reynolds at 2020-05-01T09:58:06-04:00
Issue 51060 - unable to set sslVersionMin to TLS1.0
Description: When processing the "sslVersionMin" attribute we were incorrectly
setting it to TLS1.2 (current default level)
fixes: https://pagure.io/389-ds-base/issue/51060
Reviewed by: firstyear(Thanks!)
- - - - -
8895fc4b by Viktor Ashirov at 2020-05-02T20:58:21+02:00
Issue 50992 - Bump jemalloc version and enable profiling
Description:
jemalloc 5.2.1 release introduced a number of fixes.
https://github.com/jemalloc/jemalloc/releases/tag/5.2.1
Additionally:
* Override default page and hugepage sizes, because builder machines may not match the target systems.
* Enable profiling by default (--enable-perf), so it can be used for troubleshooting.
Fixes: https://pagure.io/389-ds-base/issue/50992
Reviewed by: mreynolds (Thanks!)
- - - - -
582691dd by Eli Schwartz at 2020-05-05T20:50:54-04:00
Issue 51042 - switch from c_rehash to openssl rehash
Bug Description:
389-ds-base depends on an additional Fedora package openssl-perl for
the /usr/bin/c_rehash script, which just wraps /usr/bin/openssl and
drags in a perl interpreter in the process. The openssl program
contains a builtin 'rehash' subcommand that does the same thing,
only faster and with fewer dependencies. And openssl developers
refer to c_rehash as a fallback and suggest it might be feasible to
remove it entirely.
Fix Description:
Switch all call sites and inline documentation to refer to `openssl
rehash`, and drop the unneeded dependency from the spec file.
One less dependency on perl!
Fixes https://pagure.io/389-ds-base/issue/51042
Author: eschwartz
- - - - -
151a9678 by Eli Schwartz at 2020-05-05T20:50:54-04:00
Issue 51042 - try to use both c_rehash and openssl rehash
Bug Description:
It's not possible to fully migrate to openssl rehash, since it is
not available everywhere. And versions of openssl which don't have
rehash, also cannot check if rehash is available, or try running it
at all as a fallback, because the return value is meaningless.
Fix Description:
Add a utility function that checks the openssl version and parses it
into a LegacyVersion class. `openssl version` should work
everywhere, despite being unfriendly to parse. On versions of
openssl >= 1.1.0a (LegacyVersion also considers 1.1.0 > 1.1.0a), use
openssl rehash, otherwise fall back to c_rehash.
Fixes https://pagure.io/389-ds-base/issue/51042
Author: eschwartz
- - - - -
1b7b12e2 by Thierry Bordaz at 2020-05-07T16:50:21+02:00
Ticket 51068 - deadlock when updating the schema
Bug Description:
It exists a 3 threads deadlock scenario. It involves state change plugins when it
calls schema_changed_callback. So the trigger is a change of schema (direct or via
replication). The scenario is
MOD(cn=schema) hold StateChange lock wait for vattr lock
SRCH hold vattr lock wait for DB page
MOD hold DB page wait for StateChange lock
Fix Description:
Statechange lock protects the list of registered callbacks.
lock is a mutex where actually registration of callback is only done
at startup. Later the list is only lookup.
Making statechange lock a rwlock suppresses the deadlock scenario
as MODs will only acquire in read StateChange lock.
It should also improve performance as at the moment all MODs are serialized
on that lock
In order to prevent writer starvation a new slapi_new_rwlock_prio
create rwlock with priority to writers.
https://pagure.io/389-ds-base/issue/51068
Reviewed by: Mark Reynolds, William Brown
Platforms tested: 30
Flag Day: no
Doc impact: no
- - - - -
916d13bc by Mark Reynolds at 2020-05-08T09:43:53-04:00
Issue 51054 - Revise ACI target syntax checking
Bug Description: The previous commit enforced a strict syntax that was previously
allowed. This is causing regressions for customers and community
members.
Fix Description: Reject ACI's that use more than one equal sign between the target
keyword and the value, but do not enforce that the values are
quoted. A flag was added that we can turn on strict syntax at a
later date, but for now we will continue allow values without quotes.
relates: https://pagure.io/389-ds-base/issue/51054
Reviewed by: firstyear & spichugi(Thanks!!)
- - - - -
6a0ece1e by Mark Reynolds at 2020-05-08T15:05:25-04:00
Issue 51078 - Add nsslapd-enable-upgrade-hash to the schema
Description:
FreeIPA LDAP update code relies on the schema retrieval when
deciding what to do with values of single-valued LDAP attributes.
In the case attribute is single-valued and some value was present
in the original entry for this attribute, it would use MOD_REPLACE.
Otherwise, it uses MOD_DELETE + MOD_ADD.
Many attributes used in cn=config entries have no formal schema
defined. Since by default an attribute is multi-valued, this fails
the logic above for actual single-valued attributes, like
nsslapd-enable-upgrade-hash. It means FreeIPA has to write special
logic to handle just this attribute.
It would be good to expose schema for nsslapd-enable-upgrade-hash.
We need to change its value to off in all FreeIPA installations
because ipa-pwd-extop plugin prevents hashed passwords in updates
due to a need to regenerate Kerberos hashes on a password change.
It means upgrade of a password hash on LDAP bind will never work
in FreeIPA.
Note - this does move us closer to our goal of adding all the
configuration attributes to the schema.
fixes: https://pagure.io/389-ds-base/issue/51078
Reviewed by: mreynolds (one line commit rule)
- - - - -
debc684a by Mark Reynolds at 2020-05-08T15:25:46-04:00
Bump version to 1.4.4.2
- - - - -
888f0b21 by Simon Pichugin at 2020-05-11T10:54:08+02:00
Issue 50201 - nsIndexIDListScanLimit accepts any value
Bug Description: Setting of nsIndexIDListScanLimit like
'limit=2 limit=3' are detected and logged in error logs.
But the invalid value is successfully applied in the config entry
and the operation itself is successful.
The impact is limited because the index will be used following
idlistscanlimit rather than invalid definition nsIndexIDListScanLimit.
Fix Description: Print the errors to the user when he tries to add
or to modify index config entry with malformed values.
Change tests accordingly.
https://pagure.io/389-ds-base/issue/50201
Reviewed by: mreynolds, tbordaz (Thanks!)
- - - - -
d73b14a1 by Anuj Borah at 2020-05-11T15:46:25+05:30
Issue:CI test - automember_plugin (Long Duration test)
CI test - automember_plugin (Long Duration test)
Relates: https://pagure.io/389-ds-base/issue/48055
Author: aborah
Reviewed by: Viktor Ashirov
- - - - -
0cb1e043 by Thierry Bordaz at 2020-05-11T18:07:22+02:00
Ticket 51082 - abort when a empty valueset is freed
Bug Description:
A large valueset (more than 10 values) manages a sorted array of values.
replication purges old values from a valueset (valueset_array_purge). If it purges all the values
the valueset is freed (slapi_valueset_done).
A problem is that the counter of values, in the valueset, is still reflecting the initial number
of values (before the purge). When the valueset is freed (because empty) a safety checking
detects incoherent values based on the wrong counter.
Fix Description:
When all the values have been purge reset the counter before freeing the valueset
https://pagure.io/389-ds-base/issue/51082
Reviewed by: Mark Reynolds
Platforms tested: F30
Flag Day: no
Doc impact: no
- - - - -
6a7a1541 by Matus Honek at 2020-05-12T11:06:50+02:00
Issue 51017 - Implement dynamic ds/bz pytest markers
Bug Description:
Our unique markers for tickets cause a lot pytest warnings
PytestUnknownMarkWarning.
Fix Description:
On each run, go through all test files and the correctly prefixed markers for
the runtime being.
Fixes: https://pagure.io/389-ds-base/issue/51017
Author: Matus Honek <mhonek at redhat.com>
Review by: Viktor & Simon (Thanks!)
- - - - -
497c18f2 by Barbora Smejkalova at 2020-05-12T11:23:20+02:00
Issue 50873 - Fix issues with healthcheck tool
Description:
Created sanity HealthCheck test to see if the tool works on standalone instance.
I extended topology_st with LogCapture in src/lib389/lib389/topologies.py
and added new topology_no_sample that does not create sample entries so we can reproduce DSBLE0003.
Added environment variable PYINSTALL to use python installer for these tests.
The tests can be run using 'PYINSTALL=True py.test ...'.
Also created test to check DSBLE0003 and added test steps from Sylvie (Thanks!) because
we want to import them to our test plan in Polarion
I will fill the blank tests soon.
Relates: https://pagure.io/389-ds-base/issue/50873
Reviewed by: spichugi, firstyear, vashirov (Thanks!)
- - - - -
26c77a4b by Matus Honek at 2020-05-12T09:27:20+00:00
Issue 50940 - Permissions of some shipped directories may change over time
Bug Description:
Some utilities (e.g. installer, esp. setup-ds.pl) alter permissions of
some folders shipped by default. This is discoverable by running
`rpm -V 389-ds-base` after using these.
Fix Description:
Since Perl tools are deprecated and Python tools do not seem to change
most of those permissions, only fix /var/lock/dirsrv in SPEC file.
Relates: https://pagure.io/389-ds-base/issue/50940
Author: Matus Honek <mhonek at redhat.com>
Review By: Simon (Thanks!)
- - - - -
bc789a90 by Mark Reynolds at 2020-05-12T07:36:17-04:00
Issue 51076 - prevent unnecessarily duplication of the target entry
Bug Description: For any update operation the MEP plugin was calling
slapi_search_internal_get_entry() which duplicates
the entry it returns. In this case the entry is just
read from and discarded, but this entry is already
in the pblock (the PRE OP ENTRY).
Fix Description: Just grab the PRE OP ENTRY from the pblock and use
that to read the attribute values from. This saves
two entry duplications for every update operation
from MEP.
fixes: https://pagure.io/389-ds-base/issue/51076
Reviewed by: tbordaz & firstyear(Thanks!!)
- - - - -
d45d8bd0 by Simon Pichugin at 2020-05-12T15:26:37+02:00
Issue 50610 - memory leaks in dbscan and changelog encryption
Bug Description: More leaks are present that involve dbscan
execution (the issue happens on instance restart though).
Fix Description: dbscan - add 'done:' section to which we can
go to if something went worng and free the allocated data.
changelog encryption - add clcrypt_destroy function;
properly free the allocated memory when we go to shutdown.
When we do changelog5_config_done, additionally free
config->symmetricKey, config->dbconfig.encryptionAlgorithm,
and config->dbconfig.symmetricKey
https://pagure.io/389-ds-base/issue/50610
Reviewed by: lkrispen (Thanks!)
- - - - -
431aba86 by Simon Pichugin at 2020-05-13T14:05:42+02:00
Issue 50610 - Fix return code when it's nothing to free
Description: Fix the return code when NULL == clcrypt_handle
supplied to clcrypt_destroy.
https://pagure.io/389-ds-base/issue/50610
Reviewed by: mreynolds (Thanks!)
- - - - -
ab1aaad4 by Viktor Ashirov at 2020-05-13T20:28:36+02:00
Issue 49761 - Fix CI tests
Fix Description:
* Update skipif/xfail pytest marks
* Unset PYTHONPATH for cli tools in setup_ds tests
* Change pem files extraction path in SASL regression tests
* Fix a typo in 'state' tests directory name
Relates: https://pagure.io/389-ds-base/issue/49761
Reviewed by: mreynolds (Thanks!)
- - - - -
b3dec427 by Matus Honek at 2020-05-14T16:55:43+02:00
Revert "Issue 51017 - Implement dynamic ds/bz pytest markers"
Apparently, in some situations, grepping over all the files gets very
slow due to filesystem implementation (e.g. docker on MacOS) specifics.
Instead of this implementation, we'll rather look into pre-commit hooks
adding new markings on the fly.
This reverts commit 6a7a154159583c09fcbba0578eaf576d577ccb11.
Relates: https://pagure.io/389-ds-base/issue/51017
- - - - -
1ba7370e by William Brown at 2020-05-15T12:00:32+10:00
Ticket 51079 - container pid start and stop issues
Bug Description: During the container startup, we were incorrectly
checking for the pidfile as we started. We also were not properly
catching sigint, and dscontainer on keyboard int was not passing
some signals through.
Fix Description: Improve signal handling in dscontainer, add sigint
as a caught signal to ns-slapd, and remove the pid file from the container
instance as we do not require it.
https://pagure.io/389-ds-base/issue/51079
https://pagure.io/389-ds-base/issue/51080
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
495ee204 by Mark Reynolds at 2020-05-15T08:17:02-04:00
Issue 51091 - healthcheck json report fails when mapping tree is deleted
Description: We were passing the bename in bytes and not as a utf8 string.
This caused the json dumping to fail.
relates: https://pagure.io/389-ds-base/issue/51091
Reviewed by: firstyear(Thanks!)
- - - - -
9afa6694 by Mark Reynolds at 2020-05-15T10:05:35-04:00
Issue 50499 - Fix some npm audit issues
Description there are still warnings:
npm WARN eonasdan-bootstrap-datetimepicker at 4.17.47 requires a peer of bootstrap@^3.3 but none is installed. You must install peer dependencies yourself.
npm WARN table-resolver at 3.3.0 requires a peer of redux@>= 3.0.0 < 4.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN react-ellipsis-with-tooltip at 1.1.1 requires a peer of react-bootstrap at 0.31.x || 0.32.x but none is installed. You must install peer dependencies yourself.
relates: https://pagure.io/389-ds-base/issue/50499
Reviewed by: mreynolds
- - - - -
3516495c by Thierry Bordaz at 2020-05-18T17:36:37+02:00
Ticket 51037 - RFE AD filter rewriter for ObjectSID
Bug Description:
AD provides flexibility, to AD clients, to use string representation of objectSID
(for example S-1-5-21-1305200397-1234-1234-1234)
To support AD client using 'ObjectSid' shortcut, we need a 389-ds filter rewriters that
translate the filter '(objectSid=S-1-5-21-1305200397-1234-1234-1234)' into '(objectSid=<objectsid blob>)'
before processing the filter
see https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ada3/afac8414-c614-4c6a-b316-41f5978308bd
Fix Description:
This patch uses the new ability to registers rewriters (https://pagure.io/389-ds-base/issue/50980)
It implements a new callback filter rewriter adfilter_rewrite_objectsid in librewriters.so
https://pagure.io/389-ds-base/issue/51037
Reviewed by: Mark Reynolds, Alexander Bokovoy, Simon Pichugin, William Brown (Thanks !)
Platforms tested: F30
Flag Day: no
Doc impact: no
- - - - -
8b3f4ca6 by William Brown at 2020-05-19T10:28:17+10:00
Ticket 50989 - ignore pid when it is ourself in protect_db
Bug Description: In protect_db.c, there are some cases (especially containers)
where a pid number can be re-used. Following a bad shutdown, the lock files
in /run/lock/{export,import,server}/* remain, and the pid they hold could
be allocated to ourself. When this occurs, the server fails to start.
Fix Description: If the pid of the lock file is our own pid, that is proof
that the previous pid/lock file can not exist, and therfore it is safe to
proceed with the startup.
https://pagure.io/389-ds-base/issue/50989
Author: William Brown <william at blackhats.net.au>
Review by: tbordaz (Thanks!)
- - - - -
08cad9e7 by Thierry Bordaz at 2020-05-19T10:59:22+02:00
Ticket 51037 - compiler warning
- - - - -
75e3b867 by Anuj Borah at 2020-05-19T14:34:55+05:30
Issue:51070 - Port Import TET module to python3 part1
Bug Description: Port Import TET module to python3 part1
Relates: https://pagure.io/389-ds-base/issue/51070
Author: aborah
Reviewed by: Simon Pichugin
- - - - -
e0e2db1d by Simon Pichugin at 2020-05-19T17:42:07+02:00
Issue 51086 - Improve dscreate instance name validation
Bug Description: When creating an instance using dscreate, it doesn't enforce
max name length. The ldapi socket name contains name of the instance. If it's
too long, we can hit limits, and the file name will be truncated. Also, it
doesn't sanitize the instance name, it's possible to create an instance with
non-ascii symbols in its name.
Fix Description: Add more checks to 'dscreate from-file' installation.
Add a limitation for nsslapd-ldapifilepath string lenght because it is
limited by sizeof((*ports_info.i_listenaddr)->local.path)) it is copied to.
https://pagure.io/389-ds-base/issue/51086
Reviewed by: firstyear, mreynolds (Thanks!)
- - - - -
68ab6a80 by Mark Reynolds at 2020-05-20T09:22:06-04:00
Issue 51076 - remove unnecessary slapi entry dups
Description: So the problem is that slapi_search_internal_get_entry()
duplicates the entry twice. It does that as a convenience
where it will allocate a pblock, do the search, copy
the entry, free search results from the pblock, and then
free the pblock itself. I basically split this function
into two functions. One function allocates the pblock,
does the search and returns the entry. The other function
frees the entries and pblock.
99% of time when we call slapi_search_internal_get_entry()
we are just reading it and freeing it. It's not being
consumed. In these cases we can use the two function
approach eliminates an extra slapi_entry_dup(). Over the
time of an operation/connection we can save quite a bit
of mallocing/freeing. This could also help with memory
fragmentation.
ASAN: passed
relates: https://pagure.io/389-ds-base/issue/51076
Reviewed by: firstyear & tbordaz(Thanks!)
- - - - -
c350ddc9 by Mark Reynolds at 2020-05-20T13:48:27-04:00
Issue 51102 - RFE - ds-replcheck - make online timeout configurable
Bug Description: When doing an online check with replicas that are very
far apart the connection can time out as the hardcoded
timeout is 5 seconds.
Fix Description: Change the default timeout to never timeout, and add an
CLI option to specify a specific timeout.
Also caught all the possible LDAP exceptions so we can
cleanly "fail". Fixed some python syntax issues, and
improved the entry inconsistency report
relates: https://pagure.io/389-ds-base/issue/51102
Reviewed by: firstyear & spichugi(Thanks!)
- - - - -
9d5fe06e by Sylvie Gouverneyre at 2020-05-25T09:51:24+00:00
Issue 49850 -ldbm_get_nonleaf_ids() painfully slow for databases with many non-leaf entries
Description:
With a very large database, gathering non-leaf IDs for creating the ancestorid index took an enormous amount of time.
This test is to verify the fix for this problem.
https://pagure.io/389-ds-base/issue/49850
Author: sgouvern
Reviewed by: firstyear, spichugi
- - - - -
251cef91 by Mark Reynolds at 2020-05-26T08:38:30-04:00
Issue 51110 - Fix ASAN ODR warnings
Description: Fixed ODR issues with glboal attributes which were duplicated from
the core server into the replication and retrocl plugins.
relates: https://pagure.io/389-ds-base/issue/51110
Reviewed by: firstyear(Thanks!)
- - - - -
2fc834aa by Mark Reynolds at 2020-05-26T11:20:02-04:00
Issue 51095 - abort operation if CSN can not be generated
Bug Description: If we fail to get the system time then we were using an
uninitialized timespec struct which could lead to bizarre
times in CSN's.
Fix description: Check if the system time function fails, and if it does
then abort the update operation.
relates: https://pagure.io/389-ds-base/issue/51095
Reviewed by: firstyear & tbordaz(Thanks!!)
- - - - -
eb191f5b by Mark Reynolds at 2020-05-27T07:35:57-04:00
Issue 51113 - Allow using uid for replication manager entry
Bug Description: Currently it was hardcoded to only allow "cn" as
the rdn attribute for the replication manager entry.
Fix description: Allow setting the rdn attribute of the replication
manager DS ldap object, and include the schema that
allows "uid".
relates: https://pagure.io/389-ds-base/issue/51113
Reviewed by: spichugi & firstyear(Thanks!!)
- - - - -
1befe929 by Anuj Borah at 2020-05-28T10:14:24+05:30
Issue: 50860 - Port Password Policy test cases from TET to python3 part1
CI test - Port Password Policy test cases from TET to python3 part1
Relates: https://pagure.io/389-ds-base/issue/50860
Author: aborah
Reviewed by: Simon Pichugin, Viktor Ashirov
- - - - -
cec05062 by Viktor Ashirov at 2020-05-28T09:58:26+02:00
Issue 50931 - RFE AD filter rewriter for ObjectCategory
Bug Description:
ASAN build fails on RHEL due to linking issues
Fix Description:
Add missing libslapd.la for librewriters.la
Relates: https://pagure.io/389-ds-base/issue/50931
Reviewed by: tbordaz (Thanks!)
- - - - -
7b79b89c by Mark Reynolds at 2020-05-29T16:44:12-04:00
Bump version to 1.4.4.3
- - - - -
27 changed files:
- Makefile.am
- VERSION.sh
- dirsrvtests/conftest.py
- + dirsrvtests/tests/longduration/automembers_long_test.py
- dirsrvtests/tests/stress/search/simple.py
- dirsrvtests/tests/suites/acl/syntax_test.py
- dirsrvtests/tests/suites/auth_token/basic_auth_test.py
- dirsrvtests/tests/suites/automember_plugin/basic_test.py
- dirsrvtests/tests/suites/basic/basic_test.py
- dirsrvtests/tests/suites/disk_monitoring/disk_monitoring_test.py
- dirsrvtests/tests/suites/ds_logs/ds_logs_test.py
- dirsrvtests/tests/suites/filter/filterscanlimit_test.py
- dirsrvtests/tests/suites/filter/rfc3673_all_oper_attrs_test.py
- + dirsrvtests/tests/suites/fractional/__init__.py
- + dirsrvtests/tests/suites/healthcheck/__init__.py
- + dirsrvtests/tests/suites/healthcheck/healthcheck_test.py
- + dirsrvtests/tests/suites/import/import_test.py
- dirsrvtests/tests/suites/import/regression_test.py
- dirsrvtests/tests/suites/mapping_tree/referral_during_tot_init_test.py
- + dirsrvtests/tests/suites/password/password_policy_test.py
- dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py
- dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py
- dirsrvtests/tests/suites/password/pwp_history_test.py
- dirsrvtests/tests/suites/password/pwp_test.py
- dirsrvtests/tests/suites/plugins/rootdn_plugin_test.py
- dirsrvtests/tests/suites/pwp_storage/storage_test.py
- dirsrvtests/tests/suites/replication/acceptance_test.py
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/56c433833ae0475e4efe44c0ee09e78515080191...7b79b89c19d75d72a1e0323e81e0ad7bb43b6342
--
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/56c433833ae0475e4efe44c0ee09e78515080191...7b79b89c19d75d72a1e0323e81e0ad7bb43b6342
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20200602/60fdd436/attachment-0001.html>
More information about the Pkg-freeipa-devel
mailing list