[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][upstream] 54 commits: Bump version to 1.4.4

Timo Aaltonen gitlab at salsa.debian.org
Tue Jun 2 09:36:16 BST 2020



Timo Aaltonen pushed to branch upstream at FreeIPA packaging / 389-ds-base


Commits:
5fc54f43 by Mark Reynolds at 2020-04-16T10:30:38-04:00
Bump version to 1.4.4

- - - - -
db6cd237 by Mark Reynolds at 2020-04-20T10:24:13-04:00
Issue 51031 UI - transition between two instances needs improvement

Bug Description:  When you switch between instances in the UI, there is
                  no loading page, there is a long wait before the dropdown
                  menu changes, and it does not refresh the page content
                  (it still contains the previous instance's data).

Fix Description:  Set the "loading" flag and the serverId right away when
                  instance is changed.   Then we set the tab component's
                  key to the server ID so the content is automatically
                  refreshed.

fixes: https://pagure.io/389-ds-base/issue/51031

Reviewed by: spichugi(Thanks!)

- - - - -
e6023cab by Thierry Bordaz at 2020-04-21T15:20:51+02:00
Ticket 51035 - Heavy StartTLS connection load can randomly fail with err=1

Bug Description:
	startTls pushes a network layer on top of the connection.
	So when processing startTLS, there should not be a pending operation
	else there is a risk that the operation sends back data on moving
        network layer.
        When startTls detects a pending operation it aborts startTls.
	However if a new operation is received while processing startTls,
	the operation is pending but can not be read because startTls
	holds c_mutex.

Fix Description:
	In case of unread pending operation, relax the control
	and just log an information message.

https://pagure.io/389-ds-base/issue/51035

Reviewed by: Mark Reynolds, William Brown

Platforms tested: F30

Flag Day: no

Doc impact: no

- - - - -
fe8547bc by Anuj Borah at 2020-04-22T13:27:16+05:30
Issue: 48055 - CI test - automember_plugin(part3)

Bug Description: CI test - automember_plugin(part3)

Relates: https://pagure.io/389-ds-base/issue/48055

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
3ca89e31 by Mark Reynolds at 2020-04-22T08:41:45-04:00
Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now

Bug Description:  There are several issues with using /dec/shm/disrv/
                  for the db home directory.  Cantainers have issues,
                  and system reboots can cause issues too.

Fix Description:  Using just /dev/shm/slapd-INST solves all the permission
                  issues, but that requires a new selinux label, so
                  for now we will just set the db home directory to the
                  database directory (effectively disabling the change).

relates: https://pagure.io/389-ds-base/issue/49731

Reviewed by: firstyear & tbordaz(Thanks!)

- - - - -
69a389e0 by Thierry Bordaz at 2020-04-22T15:22:37+02:00
Ticket 50877 - task to run tests of csn generator

Bug Description:
	It exists a test of csn generator (csngen_test()).
        It is not called from any function.

Fix Description:
	register a task container 'cn=csngen_test,cn=tasks,cn=config"
	that calls the test function

https://pagure.io/389-ds-base/issue/50877

Reviewed by: William Brown (Thanks !)

Platforms tested: F30

Flag Day: no

Doc impact: no

- - - - -
8635444b by root at 2020-04-22T17:57:05+02:00
Ticket 51024 - syncrepl_entry callback does not contain attributes added by postoperation plugins

Bug: Changes by internal operations were not handled by the sync repl plugin

Fix: Register sync repl postop functions also for internal ops

Reviewed by: xAThierry, thanks

- - - - -
2333d75d by Mark Reynolds at 2020-04-22T14:29:43-04:00
Bump version to 1.4.4.1

- - - - -
05f86617 by Simon Pichugin at 2020-04-24T14:50:01+02:00
Issue 51027 - Test passwordHistory is not rewritten on a fail attempt

Description: Add a test that check that "passwordHistory" attribute
for a user doesn't get updated if a password change fails due to
password repetition.
Add a fixture for the test user and its ACI.

https://pagure.io/389-ds-base/issue/51027

Reviewed by: tbordaz (Thanks!)

- - - - -
326be2c9 by Mark Reynolds at 2020-04-24T10:12:56-04:00
Issue 50545 - Port dbgen.pl to dsctl

Description:  Ported the main features to lib389 and added some other useful features:

              Now there are several LDIFs that can be created:

              - User LDIFs (different types)
              - Group LDIFs
              - COS LDIFs
              - Role LDIFs
              - Modification LDIFs
              - Nested LDIFs

Design Doc:  https://www.port389.org/docs/389ds/design/dbgen-design.html

fixes: https://pagure.io/389-ds-base/issue/50545

Reviewed by: firstyear & spichugi(Thanks!!)

Fix various issue and improve ldif file validation

Add summary of settings to output, and set the default location of user/nested LDIF to be in the server's LDIF directory

- - - - -
53e9d9f9 by Mark Reynolds at 2020-04-24T12:35:38-04:00
Issue 50499 - fix npm audit issues

Description: Fix npm audit amd update npm packages

relates: https://pagure.io/389-ds-base/issue/50499

Reviewed by: spichugi(Thanks!)

- - - - -
0f446a54 by Mark Reynolds at 2020-04-24T12:40:47-04:00
Issue 51047 - React deprecating ComponentWillMount

Description:  ComponentWillMount has been deemed as unsafe, switching to
              ComponentDidMount is the preferred solution and does not
              seem to affect the UX.

Fixes: https://pagure.io/389-ds-base/issue/51047

Reviewed by: spichugi(Thanks!)

- - - - -
1b8a6be1 by Viktor Ashirov at 2020-04-29T15:46:08+02:00
Issue 49761 - Fix CI tests

Description:
* Update pytest markers
* Fix changelog test on EL8
* Fix race conditions in pwdPolicy_warning_test, pwdPolicy_attribute_test, rootdn_plugin_test
* Increase a timeout for check_ruv()
* Use appropriate default password storage scheme on older versions
* Remove nsUniqueId from the expected attributes if search is done on rootdse
* Add missing __init__.py for the test suites

Relates: https://pagure.io/389-ds-base/issue/49761

Reviewed by: spichugi (Thanks!)

- - - - -
13f8dc7b by Mark Reynolds at 2020-04-29T13:25:43-04:00
Issue 51054 - AddressSanitizer: heap-buffer-overflow in ldap_utf8prev

Bug Description:  Adding an invalid/double equal sign when setting the
                  target/targetattr/targetfilter will cause a heap "underflow":

                        targetfilter=="(uid=*)"

Fix description:  Detect and reject these invalid ACI syntaxes before we
                  "underflow".  Simply check if the character after the first
                  equal sign is a double quote, as that is the only possible
                  next valid character in a valid ACI.

fixes: https://pagure.io/389-ds-base/issue/51054

Reviewed by: firstyear(Thanks!)

- - - - -
c7da66eb by Mark Reynolds at 2020-04-29T17:00:33-04:00
Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now

Description:  Also need to undo the change for setup-ds.pl

relates: https://pagure.io/389-ds-base/issue/49731

- - - - -
da12b98c by Sylvie Gouverneyre at 2020-04-30T09:34:13+00:00
Issue 50655 - etime displayed has an order of magnitude 10 times smaller than it should be

Description:
	Time value in nanoseconds displayed in the access log was 10 times lower than the actual value.
	This test is intented to verify the fix for this problem.

Relates https://bugzilla.redhat.com/show_bug.cgi?id=1749236

Author: sgouvern

Review by: firstyear, spichugi

- - - - -
3def54de by Mark Reynolds at 2020-05-01T09:40:28-04:00
Issue 51051 - CLI fix consistency issues with confirmations

Description:  The remove-all feature of dsctl uses different confirmation
              prompt than "dsctl remove".  To fix this the "countdown" style
              confirmation was moved to "remove_all", as "dsctl INST remove"
              already had an additional argument.

              Also cleaned up unused imports other various bugs found by my
              IDE.

relates: https://pagure.io/389-ds-base/issue/51050

Reviewed by: firstyear(Thanks!)

- - - - -
1cff0fb3 by Mark Reynolds at 2020-05-01T09:54:23-04:00
Issue 51064 - Unable to install server where IPv6 is disabled

Description:  When checking if a port is available, first attempt to
              create a socket using AF_INET6, if that fails then use
              AF_INET

relates: https://pagure.io/389-ds-base/issue/51064

Reviewed by: firstyear(Thanks!)

- - - - -
3548738f by Mark Reynolds at 2020-05-01T09:58:06-04:00
Issue 51060 - unable to set sslVersionMin to TLS1.0

Description:  When processing the "sslVersionMin" attribute we were incorrectly
              setting it to TLS1.2 (current default level)

fixes: https://pagure.io/389-ds-base/issue/51060

Reviewed by: firstyear(Thanks!)

- - - - -
8895fc4b by Viktor Ashirov at 2020-05-02T20:58:21+02:00
Issue 50992 - Bump jemalloc version and enable profiling

Description:
jemalloc 5.2.1 release introduced a number of fixes.
https://github.com/jemalloc/jemalloc/releases/tag/5.2.1

Additionally:
* Override default page and hugepage sizes, because builder machines may not match the target systems.
* Enable profiling by default (--enable-perf), so it can be used for troubleshooting.

Fixes: https://pagure.io/389-ds-base/issue/50992

Reviewed by: mreynolds (Thanks!)

- - - - -
582691dd by Eli Schwartz at 2020-05-05T20:50:54-04:00
Issue 51042 - switch from c_rehash to openssl rehash

Bug Description:
    389-ds-base depends on an additional Fedora package openssl-perl for
    the /usr/bin/c_rehash script, which just wraps /usr/bin/openssl and
    drags in a perl interpreter in the process. The openssl program
    contains a builtin 'rehash' subcommand that does the same thing,
    only faster and with fewer dependencies. And openssl developers
    refer to c_rehash as a fallback and suggest it might be feasible to
    remove it entirely.

Fix Description:
    Switch all call sites and inline documentation to refer to `openssl
    rehash`, and drop the unneeded dependency from the spec file.
    One less dependency on perl!

Fixes https://pagure.io/389-ds-base/issue/51042

Author: eschwartz

- - - - -
151a9678 by Eli Schwartz at 2020-05-05T20:50:54-04:00
Issue 51042 - try to use both c_rehash and openssl rehash

Bug Description:
    It's not possible to fully migrate to openssl rehash, since it is
    not available everywhere. And versions of openssl which don't have
    rehash, also cannot check if rehash is available, or try running it
    at all as a fallback, because the return value is meaningless.

Fix Description:
    Add a utility function that checks the openssl version and parses it
    into a LegacyVersion class. `openssl version` should work
    everywhere, despite being unfriendly to parse. On versions of
    openssl >= 1.1.0a (LegacyVersion also considers 1.1.0 > 1.1.0a), use
    openssl rehash, otherwise fall back to c_rehash.

Fixes https://pagure.io/389-ds-base/issue/51042

Author: eschwartz

- - - - -
1b7b12e2 by Thierry Bordaz at 2020-05-07T16:50:21+02:00
Ticket 51068 - deadlock when updating the schema

Bug Description:
        It exists a 3 threads deadlock scenario. It involves state change plugins when it
        calls schema_changed_callback. So the trigger is a change of schema (direct or via
        replication). The scenario is
      MOD(cn=schema)    hold StateChange lock   wait for vattr lock
      SRCH              hold vattr lock         wait for DB page
      MOD               hold DB page            wait for StateChange lock

Fix Description:
        Statechange lock protects the list of registered callbacks.
        lock is a mutex where actually registration of callback is only done
        at startup. Later the list is only lookup.
        Making statechange lock a rwlock suppresses the deadlock scenario
        as MODs will only acquire in read StateChange lock.
        It should also improve performance as at the moment all MODs are serialized
        on that lock
	In order to prevent writer starvation a new slapi_new_rwlock_prio
        create rwlock with priority to writers.

https://pagure.io/389-ds-base/issue/51068

Reviewed by: Mark Reynolds, William Brown

Platforms tested: 30

Flag Day: no

Doc impact: no

- - - - -
916d13bc by Mark Reynolds at 2020-05-08T09:43:53-04:00
Issue 51054 - Revise ACI target syntax checking

Bug Description:  The previous commit enforced a strict syntax that was previously
                  allowed.  This is causing regressions for customers and community
                  members.

Fix Description:  Reject ACI's that use more than one equal sign between the target
                  keyword and the value, but do not enforce that the values are
                  quoted.  A flag was added that we can turn on strict syntax at a
                  later date, but for now we will continue allow values without quotes.

relates: https://pagure.io/389-ds-base/issue/51054

Reviewed by:  firstyear & spichugi(Thanks!!)

- - - - -
6a0ece1e by Mark Reynolds at 2020-05-08T15:05:25-04:00
Issue 51078 - Add nsslapd-enable-upgrade-hash to the schema

Description:

FreeIPA LDAP update code relies on the schema retrieval when
deciding what to do with values of single-valued LDAP attributes.
In the case attribute is single-valued and some value was present
in the original entry for this attribute, it would use MOD_REPLACE.
Otherwise, it uses MOD_DELETE + MOD_ADD.

Many attributes used in cn=config entries have no formal schema
defined. Since by default an attribute is multi-valued, this fails
the logic above for actual single-valued attributes, like
nsslapd-enable-upgrade-hash. It means FreeIPA has to write special
logic to handle just this attribute.

It would be good to expose schema for nsslapd-enable-upgrade-hash.
We need to change its value to off in all FreeIPA installations
because ipa-pwd-extop plugin prevents hashed passwords in updates
due to a need to regenerate Kerberos hashes on a password change.
It means upgrade of a password hash on LDAP bind will never work
in FreeIPA.

Note - this does move us closer to our goal of adding all the
configuration attributes to the schema.

fixes: https://pagure.io/389-ds-base/issue/51078

Reviewed by: mreynolds (one line commit rule)

- - - - -
debc684a by Mark Reynolds at 2020-05-08T15:25:46-04:00
Bump version to 1.4.4.2

- - - - -
888f0b21 by Simon Pichugin at 2020-05-11T10:54:08+02:00
Issue 50201 - nsIndexIDListScanLimit accepts any value

Bug Description: Setting of nsIndexIDListScanLimit like
'limit=2 limit=3' are detected and logged in error logs.
But the invalid value is successfully applied in the config entry
and the operation itself is successful.
The impact is limited because the index will be used following
idlistscanlimit rather than invalid definition nsIndexIDListScanLimit.

Fix Description: Print the errors to the user when he tries to add
or to modify index config entry with malformed values.
Change tests accordingly.

https://pagure.io/389-ds-base/issue/50201

Reviewed by: mreynolds, tbordaz (Thanks!)

- - - - -
d73b14a1 by Anuj Borah at 2020-05-11T15:46:25+05:30
Issue:CI test - automember_plugin (Long Duration test)

CI test - automember_plugin (Long Duration test)

Relates: https://pagure.io/389-ds-base/issue/48055

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
0cb1e043 by Thierry Bordaz at 2020-05-11T18:07:22+02:00
Ticket 51082 - abort when a empty valueset is freed

Bug Description:
	A large valueset (more than 10 values) manages a sorted array of values.
        replication purges old values from a valueset (valueset_array_purge). If it purges all the values
        the valueset is freed (slapi_valueset_done).
        A problem is that the counter of values, in the valueset, is still reflecting the initial number
        of values (before the purge). When the valueset is freed (because empty) a safety checking
        detects incoherent values based on the wrong counter.

Fix Description:
	When all the values have been purge reset the counter before freeing the valueset

https://pagure.io/389-ds-base/issue/51082

Reviewed by: Mark Reynolds

Platforms tested: F30

Flag Day: no

Doc impact: no

- - - - -
6a7a1541 by Matus Honek at 2020-05-12T11:06:50+02:00
Issue 51017 - Implement dynamic ds/bz pytest markers

Bug Description:
Our unique markers for tickets cause a lot pytest warnings
PytestUnknownMarkWarning.

Fix Description:
On each run, go through all test files and the correctly prefixed markers for
the runtime being.

Fixes: https://pagure.io/389-ds-base/issue/51017

Author: Matus Honek <mhonek at redhat.com>

Review by: Viktor & Simon (Thanks!)

- - - - -
497c18f2 by Barbora Smejkalova at 2020-05-12T11:23:20+02:00
Issue 50873 - Fix issues with healthcheck tool

Description:
Created sanity HealthCheck test to see if the tool works on standalone instance.
I extended topology_st with LogCapture in src/lib389/lib389/topologies.py
and added new topology_no_sample that does not create sample entries so we can reproduce DSBLE0003.
Added environment variable PYINSTALL to use python installer for these tests.
The tests can be run using 'PYINSTALL=True py.test ...'.
Also created test to check DSBLE0003 and added test steps from Sylvie (Thanks!) because
we want to import them to our test plan in Polarion
I will fill the blank tests soon.

Relates: https://pagure.io/389-ds-base/issue/50873

Reviewed by: spichugi, firstyear, vashirov (Thanks!)

- - - - -
26c77a4b by Matus Honek at 2020-05-12T09:27:20+00:00
Issue 50940 - Permissions of some shipped directories may change over time

Bug Description:
Some utilities (e.g. installer, esp. setup-ds.pl) alter permissions of
some folders shipped by default. This is discoverable by running
`rpm -V 389-ds-base` after using these.

Fix Description:
Since Perl tools are deprecated and Python tools do not seem to change
most of those permissions, only fix /var/lock/dirsrv in SPEC file.

Relates: https://pagure.io/389-ds-base/issue/50940

Author: Matus Honek <mhonek at redhat.com>

Review By: Simon (Thanks!)

- - - - -
bc789a90 by Mark Reynolds at 2020-05-12T07:36:17-04:00
Issue 51076 - prevent unnecessarily duplication of the target entry

Bug Description:  For any update operation the MEP plugin was calling
                  slapi_search_internal_get_entry() which duplicates
                  the entry it returns.  In this case the entry is just
                  read from and discarded, but this entry is already
                  in the pblock (the PRE OP ENTRY).

Fix Description:  Just grab the PRE OP ENTRY from the pblock and use
                  that to read the attribute values from.  This saves
                  two entry duplications for every update operation
                  from MEP.

fixes:  https://pagure.io/389-ds-base/issue/51076

Reviewed by: tbordaz & firstyear(Thanks!!)

- - - - -
d45d8bd0 by Simon Pichugin at 2020-05-12T15:26:37+02:00
Issue 50610 - memory leaks in dbscan and changelog encryption

Bug Description: More leaks are present that involve dbscan
execution (the issue happens on instance restart though).

Fix Description: dbscan - add 'done:' section to which we can
go to if something went worng and free the allocated data.

changelog encryption - add clcrypt_destroy function;
properly free the allocated memory when we go to shutdown.
When we do changelog5_config_done, additionally free
config->symmetricKey, config->dbconfig.encryptionAlgorithm,
and config->dbconfig.symmetricKey

https://pagure.io/389-ds-base/issue/50610

Reviewed by: lkrispen (Thanks!)

- - - - -
431aba86 by Simon Pichugin at 2020-05-13T14:05:42+02:00
Issue 50610 - Fix return code when it's nothing to free

Description: Fix the return code when NULL == clcrypt_handle
supplied to clcrypt_destroy.

https://pagure.io/389-ds-base/issue/50610

Reviewed by: mreynolds (Thanks!)

- - - - -
ab1aaad4 by Viktor Ashirov at 2020-05-13T20:28:36+02:00
Issue 49761 - Fix CI tests

Fix Description:
* Update skipif/xfail pytest marks
* Unset PYTHONPATH for cli tools in setup_ds tests
* Change pem files extraction path in SASL regression tests
* Fix a typo in 'state' tests directory name

Relates: https://pagure.io/389-ds-base/issue/49761

Reviewed by: mreynolds (Thanks!)

- - - - -
b3dec427 by Matus Honek at 2020-05-14T16:55:43+02:00
Revert "Issue 51017 - Implement dynamic ds/bz pytest markers"

Apparently, in some situations, grepping over all the files gets very
slow due to filesystem implementation (e.g. docker on MacOS) specifics.

Instead of this implementation, we'll rather look into pre-commit hooks
adding new markings on the fly.

This reverts commit 6a7a154159583c09fcbba0578eaf576d577ccb11.

Relates: https://pagure.io/389-ds-base/issue/51017

- - - - -
1ba7370e by William Brown at 2020-05-15T12:00:32+10:00
Ticket 51079 - container pid start and stop issues

Bug Description: During the container startup, we were incorrectly
checking for the pidfile as we started. We also were not properly
catching sigint, and dscontainer on keyboard int was not passing
some signals through.

Fix Description: Improve signal handling in dscontainer, add sigint
as a caught signal to ns-slapd, and remove the pid file from the container
instance as we do not require it.

https://pagure.io/389-ds-base/issue/51079
https://pagure.io/389-ds-base/issue/51080

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
495ee204 by Mark Reynolds at 2020-05-15T08:17:02-04:00
Issue 51091 - healthcheck json report fails when mapping tree is deleted

Description:  We were passing the bename in bytes and not as a utf8 string.
              This caused the json dumping to fail.

relates: https://pagure.io/389-ds-base/issue/51091

Reviewed by: firstyear(Thanks!)

- - - - -
9afa6694 by Mark Reynolds at 2020-05-15T10:05:35-04:00
Issue 50499 - Fix some npm audit issues

Description there are still warnings:

npm WARN eonasdan-bootstrap-datetimepicker at 4.17.47 requires a peer of bootstrap@^3.3 but none is installed. You must install peer dependencies yourself.
npm WARN table-resolver at 3.3.0 requires a peer of redux@>= 3.0.0 < 4.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN react-ellipsis-with-tooltip at 1.1.1 requires a peer of react-bootstrap at 0.31.x || 0.32.x but none is installed. You must install peer dependencies yourself.

relates: https://pagure.io/389-ds-base/issue/50499

Reviewed by: mreynolds

- - - - -
3516495c by Thierry Bordaz at 2020-05-18T17:36:37+02:00
Ticket 51037 - RFE AD filter rewriter for ObjectSID

Bug Description:
    AD provides flexibility, to AD clients, to use string representation of objectSID
    (for example S-1-5-21-1305200397-1234-1234-1234)
    To support AD client using 'ObjectSid' shortcut, we need a 389-ds filter rewriters that
    translate the filter '(objectSid=S-1-5-21-1305200397-1234-1234-1234)' into '(objectSid=<objectsid blob>)'
    before processing the filter
    see https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ada3/afac8414-c614-4c6a-b316-41f5978308bd

Fix Description:
    This patch uses the new ability to registers rewriters (https://pagure.io/389-ds-base/issue/50980)
    It implements a new callback filter rewriter adfilter_rewrite_objectsid in librewriters.so

https://pagure.io/389-ds-base/issue/51037

Reviewed by: Mark Reynolds, Alexander Bokovoy, Simon Pichugin, William Brown (Thanks !)

Platforms tested: F30

Flag Day: no

Doc impact: no

- - - - -
8b3f4ca6 by William Brown at 2020-05-19T10:28:17+10:00
Ticket 50989 - ignore pid when it is ourself in protect_db

Bug Description: In protect_db.c, there are some cases (especially containers)
where a pid number can be re-used. Following a bad shutdown, the lock files
in /run/lock/{export,import,server}/* remain, and the pid they hold could
be allocated to ourself. When this occurs, the server fails to start.

Fix Description: If the pid of the lock file is our own pid, that is proof
that the previous pid/lock file can not exist, and therfore it is safe to
proceed with the startup.

https://pagure.io/389-ds-base/issue/50989

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz (Thanks!)

- - - - -
08cad9e7 by Thierry Bordaz at 2020-05-19T10:59:22+02:00
Ticket 51037 - compiler warning

- - - - -
75e3b867 by Anuj Borah at 2020-05-19T14:34:55+05:30
Issue:51070 - Port Import TET module to python3 part1

Bug Description: Port Import TET module to python3 part1

Relates: https://pagure.io/389-ds-base/issue/51070

Author: aborah

Reviewed by: Simon Pichugin

- - - - -
e0e2db1d by Simon Pichugin at 2020-05-19T17:42:07+02:00
Issue 51086 - Improve dscreate instance name validation

Bug Description: When creating an instance using dscreate, it doesn't enforce
max name length. The ldapi socket name contains name of the instance. If it's
too long, we can hit limits, and the file name will be truncated. Also, it
doesn't sanitize the instance name, it's possible to create an instance with
non-ascii symbols in its name.

Fix Description: Add more checks to 'dscreate from-file' installation.
Add a limitation for nsslapd-ldapifilepath string lenght because it is
limited by sizeof((*ports_info.i_listenaddr)->local.path)) it is copied to.

https://pagure.io/389-ds-base/issue/51086

Reviewed by: firstyear, mreynolds (Thanks!)

- - - - -
68ab6a80 by Mark Reynolds at 2020-05-20T09:22:06-04:00
Issue 51076 - remove unnecessary slapi entry dups

Description:  So the problem is that slapi_search_internal_get_entry()
              duplicates the entry twice.  It does that as a convenience
              where it will allocate a pblock, do the search, copy
              the entry, free search results from the pblock, and then
              free the pblock itself.  I basically split this function
              into two functions.  One function allocates the pblock,
              does the search and returns the entry.  The other function
              frees the entries and pblock.

              99% of time when we call slapi_search_internal_get_entry()
              we are just reading it and freeing it.  It's not being
              consumed.  In these cases we can use the two function
              approach eliminates an extra slapi_entry_dup().  Over the
              time of an operation/connection we can save quite a bit
              of mallocing/freeing.  This could also help with memory
              fragmentation.

ASAN: passed

relates: https://pagure.io/389-ds-base/issue/51076

Reviewed by: firstyear & tbordaz(Thanks!)

- - - - -
c350ddc9 by Mark Reynolds at 2020-05-20T13:48:27-04:00
Issue 51102 - RFE - ds-replcheck - make online timeout configurable

Bug Description:  When doing an online check with replicas that are very
                  far apart the connection can time out as the hardcoded
                  timeout is 5 seconds.

Fix Description:  Change the default timeout to never timeout, and add an
                  CLI option to specify a specific timeout.

                  Also caught all the possible LDAP exceptions so we can
                  cleanly "fail".  Fixed some python syntax issues, and
                  improved the entry inconsistency report

relates: https://pagure.io/389-ds-base/issue/51102

Reviewed by: firstyear & spichugi(Thanks!)

- - - - -
9d5fe06e by Sylvie Gouverneyre at 2020-05-25T09:51:24+00:00
Issue 49850 -ldbm_get_nonleaf_ids() painfully slow for databases with many non-leaf entries

Description:
With a very large database, gathering non-leaf IDs for creating the ancestorid index took an enormous amount of time.
This test is to verify the fix for this problem.

https://pagure.io/389-ds-base/issue/49850

Author: sgouvern

Reviewed by: firstyear, spichugi

- - - - -
251cef91 by Mark Reynolds at 2020-05-26T08:38:30-04:00
Issue 51110 - Fix ASAN ODR warnings

Description: Fixed ODR issues with glboal attributes which were duplicated from
             the core server into the replication and retrocl plugins.

relates: https://pagure.io/389-ds-base/issue/51110

Reviewed by: firstyear(Thanks!)

- - - - -
2fc834aa by Mark Reynolds at 2020-05-26T11:20:02-04:00
Issue 51095 - abort operation if CSN can not be generated

Bug Description:  If we fail to get the system time then we were using an
                  uninitialized timespec struct which could lead to bizarre
                  times in CSN's.

Fix description:  Check if the system time function fails, and if it does
                  then abort the update operation.

relates: https://pagure.io/389-ds-base/issue/51095

Reviewed by: firstyear & tbordaz(Thanks!!)

- - - - -
eb191f5b by Mark Reynolds at 2020-05-27T07:35:57-04:00
Issue 51113 - Allow using uid for replication manager entry

Bug Description:  Currently it was hardcoded to only allow "cn" as
                  the rdn attribute for the replication manager entry.

Fix description:  Allow setting the rdn attribute of the replication
                  manager DS ldap object, and include the schema that
                  allows "uid".

relates:  https://pagure.io/389-ds-base/issue/51113

Reviewed by: spichugi & firstyear(Thanks!!)

- - - - -
1befe929 by Anuj Borah at 2020-05-28T10:14:24+05:30
Issue: 50860 - Port Password Policy test cases from TET to python3 part1

CI test - Port Password Policy test cases from TET to python3 part1

Relates: https://pagure.io/389-ds-base/issue/50860

Author: aborah

Reviewed by: Simon Pichugin, Viktor Ashirov

- - - - -
cec05062 by Viktor Ashirov at 2020-05-28T09:58:26+02:00
Issue 50931 - RFE AD filter rewriter for ObjectCategory

Bug Description:
ASAN build fails on RHEL due to linking issues

Fix Description:
Add missing libslapd.la for librewriters.la

Relates: https://pagure.io/389-ds-base/issue/50931

Reviewed by: tbordaz (Thanks!)

- - - - -
7b79b89c by Mark Reynolds at 2020-05-29T16:44:12-04:00
Bump version to 1.4.4.3

- - - - -


27 changed files:

- Makefile.am
- VERSION.sh
- dirsrvtests/conftest.py
- + dirsrvtests/tests/longduration/automembers_long_test.py
- dirsrvtests/tests/stress/search/simple.py
- dirsrvtests/tests/suites/acl/syntax_test.py
- dirsrvtests/tests/suites/auth_token/basic_auth_test.py
- dirsrvtests/tests/suites/automember_plugin/basic_test.py
- dirsrvtests/tests/suites/basic/basic_test.py
- dirsrvtests/tests/suites/disk_monitoring/disk_monitoring_test.py
- dirsrvtests/tests/suites/ds_logs/ds_logs_test.py
- dirsrvtests/tests/suites/filter/filterscanlimit_test.py
- dirsrvtests/tests/suites/filter/rfc3673_all_oper_attrs_test.py
- + dirsrvtests/tests/suites/fractional/__init__.py
- + dirsrvtests/tests/suites/healthcheck/__init__.py
- + dirsrvtests/tests/suites/healthcheck/healthcheck_test.py
- + dirsrvtests/tests/suites/import/import_test.py
- dirsrvtests/tests/suites/import/regression_test.py
- dirsrvtests/tests/suites/mapping_tree/referral_during_tot_init_test.py
- + dirsrvtests/tests/suites/password/password_policy_test.py
- dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py
- dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py
- dirsrvtests/tests/suites/password/pwp_history_test.py
- dirsrvtests/tests/suites/password/pwp_test.py
- dirsrvtests/tests/suites/plugins/rootdn_plugin_test.py
- dirsrvtests/tests/suites/pwp_storage/storage_test.py
- dirsrvtests/tests/suites/replication/acceptance_test.py


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/56c433833ae0475e4efe44c0ee09e78515080191...7b79b89c19d75d72a1e0323e81e0ad7bb43b6342

-- 
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/56c433833ae0475e4efe44c0ee09e78515080191...7b79b89c19d75d72a1e0323e81e0ad7bb43b6342
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20200602/60fdd436/attachment-0001.html>


More information about the Pkg-freeipa-devel mailing list