[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][master-next] 35 commits: Issue 4916 - Memory leak in ldap-agent
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Wed Dec 15 18:56:05 GMT 2021
Timo Aaltonen pushed to branch master-next at FreeIPA packaging / 389-ds-base
Commits:
54d7cc78 by Viktor Ashirov at 2021-09-22T00:07:23+02:00
Issue 4916 - Memory leak in ldap-agent
Description:
Fix a minor memory leak in ldap-agent to make AddressSanitizer happy.
Fixes: https://github.com/389ds/389-ds-base/issues/4916
Reviewed by: @mreynolds389, @Firstyear (Thanks!)
- - - - -
c661024b by tbordaz at 2021-09-23T09:49:40-04:00
Issue 4925 - Performance ACI: targetfilter evaluation result can be reused (#4926)
Bug description:
An ACI may contain targetfilter. For a given returned entry, of a
SRCH request, the same targetfilter is evaluated for each of the
returned attributes.
Once the filter has been evaluated, it is useless to reevaluate
it for a next attribute.
Fix description:
The fix implements a very simple cache (linked list) that keeps
the results of the previously evaluated 'targetfilter'.
This cache is per-entry. For an operation, a aclpb is allocated
that is used to evaluate ACIs against each successive entry.
Each time a candidate entry is added in the aclpb
(acl_access_allowed), the cache (aclpb_curr_entry_targetfilters)
is freed. Then for each 'targetfilter', the original targetfilter
is lookup from the cache. If this is the first evaluation of it
then the result of the evaluation is stored into the cache using
the original targetfilter as the key in the cache
The key to lookup/store the cache is the string representation
of the targetfilter. The string contains a redzone to detect
that the filter exceeds the maximum size (2K). If it exceeds
then the key is invalid and the lookup/store is noop.
relates: #4925
Reviewed by: Mark Reynolds, William Brown (Thanks)
Platforms tested: F34
- - - - -
cdd354c9 by Mark Reynolds at 2021-09-27T13:07:20-04:00
Issue 4513 - fix ACI CI tests involving ip/hostname rules
Description: Fix tests that use ACIs with ip/hostname rules. Harden
the dscreate and dsctl acceptance tests, and fix some
flakiness in the sync repl test, and filter schema
validation.
Also updated the doxy file and fixed some compiler warnings
relates: https://github.com/389ds/389-ds-base/issues/4513
Reviewed by: spichugi & tbordaz(Thanks!!)
(cherry picked from commit 2a9df10303c4902a816a64b805448f31380a2728)
- - - - -
121e27a4 by Firstyear at 2021-09-30T11:51:23+10:00
Issue 4847 - BUG - potential deadlock in replica (#4936)
Bug Description: There was an incorrect double lock in
repl5_replica_config.c
Fix Description: Replace the incorrect lock with and unlock.
fixes: https://github.com/389ds/389-ds-base/issues/4847
Author: jenny <@jenny-cheung>
Review by: @firstyear @droideck
Co-authored-by: jenny <84835889+jenny-cheung at users.noreply.github.com>
- - - - -
2cd65b47 by James Chapman at 2021-10-07T15:04:06+00:00
Issue 4921 - logconv.pl -j: Use of uninitialized value (#4922)
Description: When logconv.pl is run with the recommendations flag
it generates an uninitialized value error.
Fixed this and done some tidy up.
Fixes: https://github.com/389ds/389-ds-base/issues/4921
Reviewed by: @progier389 (Thank you)
- - - - -
9ea04db9 by Viktor Ashirov at 2021-10-11T09:13:49+02:00
Issue 4938 - max_failure_count can be reached in dscontainer on slow machine with missing debug exception trace
Bug Description:
On a very slow machine max_failure_count can be reached to soon. For
troubleshooting and diagnostics this parameter should be configurable.
Fix Description:
Introduce a new env variable DS_STARTUP_TIMEOUT that accepts a number in
seconds. By default it is 60.
Log a traceback when we reach the timeout.
Fixes: https://github.com/389ds/389-ds-base/issues/4938
Reviewed by: @Firstyear (Thanks!)
- - - - -
173194e5 by Mark Reynolds at 2021-10-18T15:00:27-04:00
Issue 4299 - Merge LDAP editor code into Cockpit UI
Description: Merging parts of Têko Mihinto <tmihinto at redhat.com> LDAP
editor into the Cockpit UI. Some of it is functional, but there is
still much more work to be done.
relates: https://github.com/389ds/389-ds-base/issues/4299
Reviewed by: spichugi(Thanks!)
- - - - -
c0623e95 by Mark Reynolds at 2021-10-19T08:51:20-04:00
Bump github contianer shm size to 4 gigs
- - - - -
bf128397 by Mark Reynolds at 2021-10-19T09:27:14-04:00
Issue 2790 - Set db home directory by default
Description: The selinux rules (selinux-policy-3.14.3-79)
have been updated to support /dev/shm/slapd-INST
Relates: https://github.com/389ds/389-ds-base/issues/2790
Reviewed by: firstyear(Thanks!)
- - - - -
6467ea5c by progier389 at 2021-10-26T10:38:00+02:00
Issue 4943 - Fix csn generator to limit time skew drift (#4946)
* Issue 4943 - Fix csn generator to limit time skew drift
(cherry picked from commit cbfccd67e0ad0900f5307c565f8b32cbfdda5223)
- - - - -
b0d06615 by Simon Pichugin at 2021-10-26T17:08:43-07:00
Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)
Issue Description: Use PK11_Decrypt function to get hash data
because PK11_ExtractKeyValue function is forbidden in FIPS mode.
We can't extract keys while in FIPS mode. But we use PK11_ExtractKeyValue
for hashes, and it's not forbidden.
We can't use OpenSSL's PBKDF2-SHA256 implementation right now because
we need to support an upgrade procedure while in FIPS mode (update
hash on bind). For that, we should fix existing PBKDF2 usage, and we can
switch to OpenSSL's PBKDF2-SHA256 in the following versions.
Fix Description: Use PK11_Decrypt function to get the data.
Enable TLS on all CI test topologies while in FIPS because without
that we don't set up the NSS database correctly.
Add PBKDF2-SHA256 (OpenSSL) to ldif templates, so the password scheme is
discoverable by internal functions.
https://github.com/389ds/389-ds-base/issues/3584
Reviewed by: @progier389, @mreynolds389, @Firstyear, @tbordaz (Thanks!!)
- - - - -
0e5a5c52 by Mark Reynolds at 2021-10-27T20:36:49-04:00
Issue 4962 - Fix various UI bugs part 1
Fix Description:
Bug 2016022 - Cockpit UI: UI is incorrectly saying "Create the Sub Suffix entry"
Bug 2015951 - Cockpit UI: Database tab ---> Export Database/replicaton
data
Bug 2015221 - Cockpit UI: UX Bugs Server Settings ->Tuning and Limits
Bug 2015139 - Configuration for Import Cache Settings is not saved
Bug 2015127 - No message when configuring Global Database Configuration
Bug 2014924 - Cockpit UI: UX Bugs and other cockpit GUI related defects
relates: https://github.com/389ds/389-ds-base/issues/4962
Reviewed by: spichugi & jchapman (Thanks!!)
- - - - -
36af8a01 by Mark Reynolds at 2021-10-28T08:26:35-04:00
Issue 4731 - Promoting/demoting a replica can crash the server
Bug Description: The server will crash if you demote a
supplier with no changelog.
Fix Description: Check if the changelog pointer is NULL before
dereferencing it
relates: https://github.com/389ds/389-ds-base/issues/4731
Reviewed by: spichugi & firstyear (Thanks!!)
- - - - -
9e9ef0f3 by Mark Reynolds at 2021-10-28T14:46:46-04:00
Issue 4956 - Automember allows invalid regex, and does not log proper error
Bug Description: The server was detecting an invalid automember
regex, but it did not reject it, and it did not
log which regex rule was invalid.
Fix Description: By properly rejecting the invalid regex will also
trigger the proper error logging to occur.
relates: https://github.com/389ds/389-ds-base/issues/4956
Reviewed by: tbordaz & spichugi(Thanks!!)
- - - - -
5f05bc7a by Mark Reynolds at 2021-10-28T14:55:16-04:00
Issue 4092 - systemd-tmpfiles warnings
Bug Description:
systemd-tmpfiles warns about legacy paths in our tmpfiles configs.
Using /var/run also introduces a race condition, see the following
issue https://pagure.io/389-ds-base/issue/47429
Fix Description:
Instead of using @localstatedir@/run use @localrundir@ which was
introduced in #850.
Relates: https://github.com/389ds/389-ds-base/issues/766
Fixes: https://github.com/389ds/389-ds-base/issues/4092
Reviewed by: vashirov & firstyear(Thanks!)
- - - - -
c30ebb57 by Mark Reynolds at 2021-11-01T14:08:32-04:00
Issue 4973 - installer changes permissions on /run
Description: There was a regression when we switched over to using /run
that caused the installer to try and create /run which
caused the ownership to change. Fixed this by changing
the "run_dir" to /run/dirsrv
relates: https://github.com/389ds/389-ds-base/issues/4973
Reviewed by: jchapman(Thanks!)
- - - - -
769e591b by Simon Pichugin at 2021-11-01T12:09:10-07:00
Issue 4962 - Fix various UI bugs - Plugins (#4969)
Description:
Bug 1816526 - restart instance after plugin enabled/disabled should depend on 'nsslapd-dynamic-plugins' status
Bug 2011183 - Retro Changelog plugin - saving any configuration is stuck in loading
Bug 2011187 - Posix Winsync Plugin - configuration is not saved
Bug 2011188 - DNA plugin fails to be enabled
Bug 2011751 - Referential Integrity Plugin - unable to save changes
Bug 2011767 - RootDN Access Control Plugin - configuration stuck and a wrong message is displayed
Bug 2011814 - Account Policy Plugin - configuration failing with error
relates: #4962
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
a123c215 by Mark Reynolds at 2021-11-02T10:46:54-04:00
Issue 4973 - update snmp to use /run/dirsrv for PID file
Description: Previously SNMP would write the agent PID file directly
under /run (or /var/run), but this broke a CI test after
updating lib389/defaults.inf to use /run/dirsrv.
Instead of hacking the CI test, I changed the path
snmp uses to: /run/dirsrv/ Which is where it
should really be written anyway.
relates: https://github.com/389ds/389-ds-base/issues/4973
Reviewed by: vashirov(Thanks!)
- - - - -
b0e890bf by Viktor Ashirov at 2021-11-03T12:17:03+01:00
Issue 4976 - Failure in suites/import/import_test.py::test_fast_slow_import
Bug Description:
Previous change 6b10f1795f52395aa46d48a6f0428d126b35a90d had a wrong
assumption that total_time1 and total_time2 have a very insignificant
difference in case nsslapd-db-private-import-mem is set to 'off'.
In reality it is insignificant only on a smaller number of entries.
A recent change in libdb exposed this wrong assumption. With this change
__db.00* files get the maximum size in advance, instead of expanding
them when needed.
Fix Description:
Revert 6b10f1795f52395aa46d48a6f0428d126b35a90d.
Fixes: https://github.com/389ds/389-ds-base/issues/4976
Reviewed by: @mreynolds389, @droideck (Thanks!)
- - - - -
b1efe0d4 by Mark Reynolds at 2021-11-03T08:56:11-04:00
Issue 4978 - make installer robust
Description: When run in a container the server can fail to start
because the installer sets the db_home_dir to /dev/shm,
but in containers the default size of /dev/shm is too
small for libdb. We should detect if we are in a
container and not set db_home_dir to /dev/shm.
During instance removal, if an instance was not properly
created then it can not be removed either. Make the
uninstall more robust to accept some errors and continue
removing the instance.
relates: https://github.com/389ds/389-ds-base/issues/4978
Reviewed by: firstyear & tbordaz(Thanks!)
- - - - -
7570259a by tbordaz at 2021-11-05T09:59:47+01:00
Issue 4972 - gecos with IA5 introduces a compatibility issue with previous (#4981)
releases where it was DirectoryString
Bug description:
For years 'gecos' was DirectoryString (UTF8), with #50933 it was restricted to IA5 (ascii)
https://github.com/389ds/389-ds-base/commit/0683bcde1b667b6d0ca6e8d1ef605f17c51ea2f7#
IA5 definition conforms rfc2307 but is a problem for existing deployments
where entries can have 'gecos' attribute value with UTF8.
Fix description:
Revert the definition to of 'gecos' being Directory String
Additional fix to make test_replica_backup_and_restore more
robust to CI
relates: https://github.com/389ds/389-ds-base/issues/4972
Reviewed by: William Brown, Pierre Rogier, James Chapman (Thanks !)
Platforms tested: F34
- - - - -
608d4b37 by tbordaz at 2021-11-05T16:37:42+01:00
Issue 4678 - RFE automatique disable of virtual attribute checking (#4918)
Bug description:
Virtual attributes are configured via Roles or COS definitions
and registered during initialization of those plugins.
Virtual attributes are processed during search evaluation of
filter and returned attributes. This processing is expensive
and prone to create contention between searches.
Use of virtual attribute is not frequent. So many of the
deployement process virtual attribute even if there is none.
Fix description:
The fix configure the server to ignore virtual attribute by
default (nsslapd-ignore-virtual-attrs: on).
At startup, if a new virtual attribute is registered or
it exists Roles/COS definitions, then the server is
configured to process the virtual attributes
(nsslapd-ignore-virtual-attrs: off)
design: https://www.port389.org/docs/389ds/design/vattr-automatic-toggle.html
relates: https://github.com/389ds/389-ds-base/issues/4678
Reviewed by: William Brown, Simon Pichugin, Mark Reynolds (Thanks !!)
Platforms tested: F34
- - - - -
33c85c56 by Mark Reynolds at 2021-11-10T08:57:50-05:00
Issue 4978 - use more portable python command for checking containers
Description: During the installation check for containers use arguments
for subprocess.run() that work on all versions of python
relates: https://github.com/389ds/389-ds-base/issues/4978
Reviewed by: mreynolds(one line commit rule)
- - - - -
f53793d3 by Simon Pichugin at 2021-11-12T10:45:23-08:00
Issue 4962 - Fix various UI bugs - dsctl and ciphers (#5000)
Description: Don't start/stop instance if it's already started/stopped.
Add JSON error output to the basic CLI tool's operations.
Fix Ciphers Tab behaviour so it's aligned with the documentation and the
core functionality.
Relates: https://github.com/389ds/389-ds-base/issues/4962
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
8a2b4c7d by Mark Reynolds at 2021-11-15T16:43:02-05:00
Issue 5001 - Fix next round of UI bugs:
Description:
Addressing a series of bugs found by QE:
Bug 2016526 - LDAPI & Autobind save btn misbehaving
Bug 2016481 - Disabling Security leaves the pop-up window open
Bug 2016026 - Selecting existing certificate in Security Configuration crashes browser
Bug 2017402 - Adding several allowed SASL mechanisms does not behave correctly
Bug 2017411 - cockpit crashes because invalid SASL mapping regex was saved
Bug 2022117 - Cockpit UI: Editing an Objectclass name causes an error in Cockpit UI
Bug 2021194 - Searching "matching rules" in the "Schema" Tab crashes browser
Bug 2021591 - cockpit : audit and audit failure log enablement status is not persistent
relates: https://github.com/389ds/389-ds-base/issues/5001
Reviewed by: tbordaz & spichugi(Thanks!!)
- - - - -
172dd04e by spike at 2021-11-16T09:09:49-05:00
Issue 4959 - Invalid /etc/hosts setup can cause isLocalHost to fail.
Description: Use local_simple_allocate in dsctl so that isLocal is always set properly
Relates: https://github.com/389ds/389-ds-base/issues/4959
Reviewed by: @droideck (Thanks!)
- - - - -
a69bd611 by Mark Reynolds at 2021-11-16T11:49:26-05:00
Issue 5001 - Update CI test for new availableSASLMechs attribute
Description: Issue 5001 added a new attribute to the root dse, but
a CI test was not updated for the new attribute.
relates: https://github.com/389ds/389-ds-base/issues/5001
Reviewed by: mreynolds (one line commit rule)
- - - - -
f974ec39 by Mark Reynolds at 2021-11-17T15:37:59-05:00
Issue 5006 - UI - LDAP editor tree not being properly updated
Description: Deleting an entry was the tree view did not update the
treeview. Updates to table view were also not seen
in the tree view. The views should now be in synch
Also, replaced some console logging with our "log_cmd"
function in the editor utils file.
relates: https://github.com/389ds/389-ds-base/issues/5006
Reviewed by: spichugi(Thanks!)
- - - - -
64a521f4 by Timo Aaltonen at 2021-11-18T15:56:43+02:00
Override some lintian errors.
- - - - -
18a12749 by Mark Reynolds at 2021-11-21T17:48:37-05:00
Issue 5014 - UI - Add group creation to LDAP editor
Description: Added group creation to LDAP editor via the "New ..."
menu option
relates: https://github.com/389ds/389-ds-base/issues/5014
Reviewed by: spichugi(Thanks!)
- - - - -
a033e026 by Simon Pichugin at 2021-11-22T19:39:33-05:00
Issue 4962 - Fix various UI bugs - Settings and Monitor (#5016)
Description:
Bug 2014924 - Cockpit UI: UX Bugs and other cockpit GUI related defects
Bug 2017441 - cockpit : Export changelog allows to check both 'Export to LDIF For Debugging' options but only takes one into account
Bug 2018101 - cockpit : impossible to create credentials or aliases for replication monitoring synchronization report
Bug 2021250 - cockpit : logging setting entered values for rotation and deletion policies should be checked
Bug 2021278 - Cockpit UI: Unable to Edit Attributes without first searching for the attribute to edit
Related: https://github.com/389ds/389-ds-base/issues/5001
Reviewed by: @mreynolds389 (Thanks!!)
- - - - -
237913e8 by Mark Reynolds at 2021-11-22T19:44:39-05:00
Bump version to 2.0.11
- - - - -
5952e984 by Timo Aaltonen at 2021-12-15T20:48:24+02:00
Merge branch 'upstream' into master-next
- - - - -
2df23cf9 by Timo Aaltonen at 2021-12-15T20:48:54+02:00
bump the version
- - - - -
9f06adbb by Timo Aaltonen at 2021-12-15T20:49:48+02:00
watch: Update the url.
- - - - -
30 changed files:
- .github/workflows/pytest.yml
- Makefile.am
- VERSION.sh
- configure.ac
- + debian/389-ds-base-libs.lintian-overrides
- debian/389-ds-base.lintian-overrides
- debian/changelog
- debian/watch
- dirsrvtests/conftest.py
- dirsrvtests/tests/suites/acl/keywords_part2_test.py
- dirsrvtests/tests/suites/automember_plugin/configuration_test.py
- dirsrvtests/tests/suites/basic/basic_test.py
- dirsrvtests/tests/suites/clu/dsctl_acceptance_test.py
- dirsrvtests/tests/suites/config/config_test.py
- dirsrvtests/tests/suites/cos/cos_test.py
- dirsrvtests/tests/suites/filter/rfc3673_all_oper_attrs_test.py
- dirsrvtests/tests/suites/filter/schema_validation_test.py
- dirsrvtests/tests/suites/healthcheck/health_security_test.py
- dirsrvtests/tests/suites/import/import_test.py
- dirsrvtests/tests/suites/paged_results/paged_results_test.py
- + dirsrvtests/tests/suites/replication/promote_demote_test.py
- dirsrvtests/tests/suites/roles/basic_test.py
- dirsrvtests/tests/suites/schema/schema_test.py
- dirsrvtests/tests/suites/setup_ds/dscreate_test.py
- dirsrvtests/tests/suites/syncrepl_plugin/__init__.py
- dirsrvtests/tests/suites/syncrepl_plugin/openldap_test.py
- docs/slapi.doxy.in
- include/base/util.h
- ldap/admin/src/defaults.inf.in
- ldap/admin/src/logconv.pl
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/f405c03ccc2655b252eefd17f3c287878bf3b40a...9f06adbba1ef5c9e7cbd663e1bb4ef1bfc012090
--
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/f405c03ccc2655b252eefd17f3c287878bf3b40a...9f06adbba1ef5c9e7cbd663e1bb4ef1bfc012090
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20211215/002e39e6/attachment-0001.htm>
More information about the Pkg-freeipa-devel
mailing list